2209426 – (CVE-2023-33297) CVE-2023-33297 bitcoin: CVE-2023-33297

Bug 2209426 (CVE-2023-33297) - CVE-2023-33297 bitcoin: CVE-2023-33297

Summary: CVE-2023-33297 bitcoin: CVE-2023-33297

Keywords:
Status:	CLOSED UPSTREAM
Alias:	CVE-2023-33297
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2209427 2209428
Blocks:
TreeView+	depends on / blocked

Reported:	2023-05-23 20:49 UTC by Patrick Del Bello
Modified:	2023-05-24 02:31 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-05-24 02:31:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description Patrick Del Bello 2023-05-23 20:49:14 UTC

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.

https://github.com/bitcoin/bitcoin/pull/27610
https://github.com/bitcoin/bitcoin/issues/27623
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md
https://github.com/bitcoin/bitcoin/issues/27586
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

Comment 1 Patrick Del Bello 2023-05-23 20:49:29 UTC

Created bitcoin-core tracking bugs for this issue:

Affects: epel-all [bug 2209427]
Affects: fedora-all [bug 2209428]

Comment 2 Product Security DevOps Team 2023-05-24 02:31:30 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Note You need to log in before you can comment on or make changes to this bug.