Oddbean new post about | logout
EenentwintigNews | 3 months ago (raw) | export | reply | flag 
 Disclosure of remote crash due to addr message spam

Disclosure of the details of an integer overflow bug which causes an assertion
crash, a fix for which was released on September 14th, 2021 in Bitcoin Core
version v22.0.
This issue is considered High severity.
Details
CAddrMan has a 32-bit nIdCount field that is incremented on every insertion
into addrman, and which then becomes the identifier for the new entry. By
getting the victim to insert 232 entries (through e.g. spamming addr
messages), this identifier overflows, which leads to an assertion crash.
Attribution
Credit goes to Eugene Siegel for discovering and disclosing the vulnerability,
and to Pieter Wuille for fixing the issue in
https://github.com/bitcoin/bitcoin/pull/22387.
Timeline
21-06-2021 - Initial report sent to security@bitcoincore.org by Eugene Siegel
19-07-2021 - Fix is merged (https://github.com/bitcoin/bitcoin/pull/22387)
13-09-2021 - v22.0 is released
31-07-2024 - Public disclosure

https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/

#Eenentwintig #Nieuws #News #BitcoinNews