{"id":35752,"date":"2021-02-02T18:05:50","date_gmt":"2021-02-02T16:05:50","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=35752"},"modified":"2025-08-29T02:50:56","modified_gmt":"2025-08-28T23:50:56","slug":"developer-explains-fix-for-bitcoin-core-vulnerability","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/developer-explains-fix-for-bitcoin-core-vulnerability\/","title":{"rendered":"Developer explains fix for Bitcoin Core vulnerability"},"content":{"rendered":"<p>In early Bitcoin Core releases, a vulnerability affected client versions for Windows and Linux, according to developer Andrew Chow.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Disclosure of a likely unexploitable URI argument injection vulnerability present in Bitcoin Core 0.18 and earlier. This has been fixed since 0.19.<a href=\"https:\/\/t.co\/gGhXASrOtM\">https:\/\/t.co\/gGhXASrOtM<\/a><\/p>\n<p>\u2014 Andrew Chow (@achow101) <a href=\"https:\/\/twitter.com\/achow101\/status\/1356280549988589569?ref_src=twsrc%5Etfw\">February 1, 2021<\/a><\/p>\n<\/blockquote>\n<p>According to him, the vulnerability could lead to remote code execution on a computer. The bug was present in Bitcoin Core clients version 0.18 and earlier. It was fixed in the 0.19 release.<\/p>\n<p>In <a href=\"https:\/\/achow101.com\/2021\/02\/0.18-uri-vuln\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">the article<\/a>, the developer pointed to three technical aspects of the attack: the Uniform Resource Identifier (URI), the Qt5 graphical software, and the methods by which a computer interacts with them.<\/p>\n<p>The problem lay in Qt5, which was unable to detect malicious URIs. 
Theoretically, an attacker could send malicious code and install a dangerous extension.<\/p>\n<blockquote>\n<p>&#8220;Given the protections in modern browsers and the Linux environment, I do not believe this vulnerability can be exploited,&#8221; wrote Chow.<\/p>\n<\/blockquote>\n<p>In September 2020, developer Braydon Fuller described <a href=\"https:\/\/forklog.com\/en\/news\/storj-developer-reveals-serious-bitcoin-core-bug-discovered-in-2018\">the issue identified in 2018<\/a> in Bitcoin Core client versions 0.16.0 and 0.16.1. The bug was assigned a severity level of 7.8 on a ten-point scale and enabled attackers to steal funds, delay payments and fork the blockchain into conflicting chains.<\/p>\n<p>On 14 January 2021, Bitcoin Core version 0.21.0 was released, adding support for Tor Network v3 addresses and descriptor wallets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Early releases of Bitcoin Core software contained a vulnerability affecting client versions for Windows and Linux. 
This was reported by developer Andrew Chow.<\/p>\n","protected":false},"author":1,"featured_media":35753,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[143,1301],"class_list":["post-35752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitcoin-core","tag-blockchain-vulnerabilities"],"aioseo_notices":[],"amp_enabled":true,"views":"31","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=35752"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35752\/revisions"}],"predecessor-version":[{"id":35754,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35752\/revisions\/35754"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/35753"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=35752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=35752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=35752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}