Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 918582 (CVE-2023-37192)

Summary: net-p2p/bitcoin-core: memory manipulation leading to transaction redirection
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: gentoo, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 23:16:02 UTC
CVE-2023-37192:
https://www.youtube.com/watch?v=oEl4M1oZim0

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.

No references to an upstream report, so this smells off to me.
Comment 1 Matt Whitlock 2023-11-26 02:03:00 UTC
1. The very first sentence of the overview mentions Windows, and the "attack" demo code uses Windows APIs.

2. This is stupid, as it amounts to "Anyone with privileges to open a handle to the Bitcoin process and manipulate process memory can overwrite bitcoin addresses in the Bitcoin process's memory." Pretty much a "no shit, Sherlock."
Comment 2 Matt Whitlock 2023-11-26 02:15:24 UTC
(I meant to offense the reporter. It's also possible that I am missing some crucial detail in the "exploit," as I only briefly glanced over it, having been predisposed to dismiss it by the "this smells off to me.")
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 03:18:31 UTC
No objection from me.
Comment 4 Matt Whitlock 2023-11-26 03:42:13 UTC
Doh! I actually meant to say, "I meant no offense to the reporter." Yikes. Sorry about that.

Thank you, John.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 03:48:43 UTC
Hah, I understood what you meant :)