Bitcoin SV Identified and Fixed Three Medium Severity Security Vulnerabilities
Bitcoin SV Team has fixed three medium severity vulnerabilities for Multiple Bitcoin Blockchain
On 10 January 2019, the Bitcoin SV Node implementation team disclosed the details of newly identified vulnerabilities to other Bitcoin implementations (for Bitcoin Core and Bitcoin Cash) and requested full confidentially until 11 February 2019.
The Bitcoin SV Node implementation team employed services of Trail of Bits for the purpose of security audit of the Bitcoin SV Node implementation source code. As a part of its security audit, the Bitcoin SV Node implementation team along with Trail of Bits caught three medium severity vulnerabilities with low difficulty to exploit. These vulnerabilities could allow Denial of Service attacks against Bitcoin node software.
The identified vulnerabilities in the code could allow bad actors to overload the network and node processors with useless packets, potentially overloading the system with traffic. There is potential damage that could cause businesses or users at risk of losing funds or transactions.
The announcement claimed that these vulnerabilities are inherited from Bitcoin Core (BTC) and Bitcoin Cash (BCHABC).
Developer & Executive Opinion
Bitcoin SV Node Lead Developer, Daniel Connolly, said, "By organizing this security audit (with funding by CoinGeek) and by sharing the results in a responsible and secure manner, the Bitcoin SV Node team, nChain, and our partners at CoinGeek demonstrate our commitment to increase the quality of Bitcoin software and professionalize the engineering process."The Bitcoin Association's Founding President Jimmy Nguyen remarked, "The results and improvements exemplify how the Bitcoin SV Node team is taking steps to prepare Bitcoin SV to have the reliability needed to become the world's new money and the global enterprise blockchain. It also demonstrates that Bitcoin SV is now leading the Bitcoin industry, even helping other projects that deviated from the Satoshi Vision for Bitcoin."
Details on Vulnerabilities in Bitcoin SV
As per announcement, all three vulnerabilities are fixed in 'February 11 0.1.1' release of Bitcoin SV Node showing Bitcoin SV team's commitment to addressing any weaknesses that harm adoption and push enterprise use cases for the cryptocurrency.Bitcoin SV site has listed these vulnerabilities as below,
- CVE-2018-1000891 would enable an attacker to send specially crafted network packets to the target node which would needlessly consume large amounts of processor and network resources. The attack could result in a Denial of Service by exhausting processor and network resources and would not be detected or prevented by the software.
- CVE-2018-1000892 would similarly enable an attacker to send specially crafted network packets which would needlessly consume large amounts of processor and network resources. The attack could result in a Denial of Service by exhausting processor and network resources and would not be detected or prevented by the software.
- CVE-2018-1000893 would also enable an attacker to send specially crafted network packets which would needlessly consume large amounts of memory resources. The attack could result in a Denial of Service by exhausting memory resources and causing system failure. The attack would not be detected or prevented by the software.
More details on these vulnerabilities can be found here.
CoinGeek has partially funded this full security audit that helped catch the vulnerabilities.
PC:pablo,unsplash
Never miss an update. Subscribe and follow to stay informed. Delivered Every Tuesday.
We hate spam too, we will never share your details.
Mandar Pise
Opinions expressed by techsutram contributors are their own. More details
Mandar is a seasoned software professional for more than a decade. He is Cloud, AI, IoT, Blockchain and Fintech enthusiast. He writes to benefit others from his experiences. His overall goal is to help people learn about the Cloud, AI, IoT, Blockchain and Fintech and the effects they will have economically and socially in the future.
Weekly Newsletter
Never miss an update. Subscribe and follow to stay informed.
Delivered Every Tuesday.
Delivered Every Tuesday.
Thank you! You have successfully subscribed to our newsletter.
We hate spam too, we will never share your details.
No comments:
Post a Comment
Your valuable comments are welcome. (Moderated)