
Developer explains fix for Bitcoin Core vulnerability
In early Bitcoin Core releases, a vulnerability affected client versions for Windows and Linux, according to developer Andrew Chow.
Disclosure of a likely unexploitable URI argument injection vulnerability present in Bitcoin Core 0.18 and earlier. This has been fixed since 0.19. https://t.co/gGhXASrOtM
— Andrew Chow (@achow101) February 1, 2021
According to him, the vulnerability could lead to remote code execution on a computer. The bug was present in Bitcoin Core client versions 0.18 and earlier. It was fixed in the 0.19 release.
In the article, the developer pointed to three technical aspects of the attack: the Uniform Resource Identifier (URI), Qt5 graphical software, and the methods by which a computer interacts with them.
The problem lay in Qt5, which was unable to detect malicious URIs. Theoretically, an attacker could send malicious code and install a dangerous extension.
“Given the protections in modern browsers and the Linux environment, I do not believe this vulnerability can be exploited,” wrote Chow.
In September 2020, developer Braydon Fuller described an issue identified in 2018 in Bitcoin Core client versions 0.16.0 and 0.16.1. The bug was assigned a severity level of 7.8 on a ten-point scale; it enabled attackers to steal funds, delay payments and fork the blockchain into conflicting chains.
On 14 January 2021, Bitcoin Core version 0.21.0 was released, adding support for Tor Network v3 addresses and descriptor wallets.