Summary: | net-p2p/bitcoin-core: memory manipulation leading to transaction redirection | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | gentoo, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html | ||
Whiteboard: | B3 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
1. The very first sentence of the overview mentions Windows, and the "attack" demo code uses Windows APIs.
2. This is stupid, as it amounts to "Anyone with privileges to open a handle to the Bitcoin process and manipulate process memory can overwrite bitcoin addresses in the Bitcoin process's memory." Pretty much a "no shit, Sherlock."

(I meant to offense the reporter. It's also possible that I am missing some crucial detail in the "exploit," as I only briefly glanced over it, having been predisposed to dismiss it by the "this smells off to me.")

No objection from me.

Doh! I actually meant to say, "I meant no offense to the reporter." Yikes. Sorry about that.

Thank you, John.

Hah, I understood what you meant :)