Summary: | net-p2p/bitcoin-core: memory manipulation leading to transaction redirection | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | gentoo, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html | ||
Whiteboard: | B3 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2023-11-25 23:16:02 UTC
1. The very first sentence of the overview mentions Windows, and the "attack" demo code uses Windows APIs. 2. This is stupid, as it amounts to "Anyone with privileges to open a handle to the Bitcoin process and manipulate process memory can overwrite bitcoin addresses in the Bitcoin process's memory." Pretty much a "no shit, Sherlock." (I meant to offense the reporter. It's also possible that I am missing some crucial detail in the "exploit," as I only briefly glanced over it, having been predisposed to dismiss it by the "this smells off to me.") No objection from me. Doh! I actually meant to say, "I meant no offense to the reporter." Yikes. Sorry about that. Thank you, John. Hah, I understood what you meant :) |