The Bitcoin Core software has been patched to fix a critical vulnerability that could have crashed the network. The changelog and the statement released by the development team show that the problem lies in the possibility of a DoS (denial-of-service) attack. Fortunately, the software was updated in time to prevent a large-scale disruption.
CVE-2018-17144: Bitcoin Core Vulnerability That Could Have Crashed the Network Fixed with Newly Released Patch
The Bitcoin Core client, which is among the most popular wallet software for the Bitcoin digital currency, has been updated with a new critical patch. The discovered vulnerability is described as a dangerous denial-of-service (DoS) instance that can crash a significant part of the peer-to-peer network.
The exact problem is that older versions of the software can be crashed when they attempt to process a block transaction. This was observed when attempting to spend the same amount twice. The statement shows that such blocks are created by miners and labelled as invalid. Such blocks are created by “burning” blocks of at least 12 BTC at a time.
The newly released update includes a control feature that checks for conditions that can lead to exploitation of the issue. Conditions that could cause a crash are rejected automatically by the latest software. The critical problem lies in the fact that many malicious users could have used a distributed zero-day attack on the Bitcoin network using the core software. Fortunately, the quick update to the software prevents this from becoming reality. All users are advised to update to the newest release in order to avoid potential abuse. The network crash itself is not designed to target or hijack the wallets of individual users but to take down the network. The possible effect of this is the inability to carry out transactions with the cryptocurrency.
The vulnerability is being tracked in the CVE-2018-17144 advisory, which includes the following description:
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
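The description above attributes the crash to a duplicate input, so the relevant validation is rejecting any transaction that references the same previous output more than once. The following is an added example of such a check, not Bitcoin Core's own code; the `OutPoint` and `Transaction` types, the function names and the sample txids are assumptions made for this illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <tuple>
#include <vector>

// Simplified stand-ins (assumptions for this example, not Bitcoin Core's types).
struct OutPoint {
    std::string txid;  // id of the earlier transaction whose output is spent
    uint32_t index;    // which output of that transaction is referenced
    bool operator<(const OutPoint& o) const {
        return std::tie(txid, index) < std::tie(o.txid, o.index);
    }
};

struct Transaction {
    std::string id;
    std::vector<OutPoint> inputs;
};

// True when no outpoint is referenced by more than one input of tx.
bool HasUniqueInputs(const Transaction& tx) {
    std::set<OutPoint> seen;
    for (const OutPoint& in : tx.inputs) {
        // insert().second is false when this outpoint was already present.
        if (!seen.insert(in).second) return false;
    }
    return true;
}

// Block-level gate: index of the first transaction carrying a duplicate input,
// or -1 when all pass. On a hit the whole block is rejected as invalid.
int FirstDuplicateInputTx(const std::vector<Transaction>& block) {
    for (int i = 0; i < static_cast<int>(block.size()); ++i) {
        if (!HasUniqueInputs(block[i])) return i;
    }
    return -1;
}

// Constructed sample data: the txids "aa11" and "bb22" are made up.
std::vector<Transaction> SampleBlock(bool with_duplicate) {
    Transaction ok{"tx-ok", {{"aa11", 0}, {"aa11", 1}, {"bb22", 0}}};
    Transaction bad{"tx-dup", {{"aa11", 0}, {"bb22", 3}, {"aa11", 0}}};
    return with_duplicate ? std::vector<Transaction>{ok, bad}
                          : std::vector<Transaction>{ok};
}

int main() { std::cout << FirstDuplicateInputTx(SampleBlock(true)) << "\n"; }
```

Note that `tx-ok` spends two different outputs of the same earlier transaction, which is legitimate; only an exact repeat of the (txid, index) pair is rejected.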
An in-depth analysis is expected to be published soon. We would like to remind users that there is also wallet software based on Bitcoin Core; it will need to be updated to its latest version as well.