public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: "'hashnoncemessage' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
To: Peter Todd <pete@petertodd.org>
Cc: Niklas Goegge <n.goeggi@gmail.com>,
	Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Public disclosure of 2 vulnerabilities affecting Bitcoin Core < v22.0
Date: Sun, 04 Aug 2024 06:41:03 +0000	[thread overview]
Message-ID: <ZGhOmx0cu1iFlx-rixCamesD8EL25jxiTuzSHROj9EW3n1GIeIazTEIhziicy8_4BX9sxUmxJnY0-Zl3qHpTBzQiigfkmkz8vC2Ju-ZztBY=@proton.me> (raw)
In-Reply-To: <ZqqKA+grzscldhiU@petertodd.org>

[-- Attachment #1: Type: text/plain, Size: 2408 bytes --]

The disclosure dates should also please be included on that page.

For clarity, the advisories appear to be in reverse chronological order of their posting.

The two newest disclosures are the ones announced in OP

[Disclosure of remote crash due to addr message spam](https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/)

Nodes could be spammed with addr messsages, which could be used to crash them. A fix was released on September 14th, 2021 in Bitcoin Core v22.0.

[Disclosure of the impact of an infinite loop bug in the miniupnp dependency](https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/)

Nodes could be crashed by a malicious UPnP device on the local network. A fix was released on September 14th, 2021 in Bitcoin Core v22.0.

On Wed, Jul 31, 2024 at 21:01, Peter Todd <[pete@petertodd.org](mailto:On Wed, Jul 31, 2024 at 21:01, Peter Todd <<a href=)> wrote:

> On Wed, Jul 31, 2024 at 10:01:17AM -0700, Niklas Goegge wrote:
>> Hi everyone,
>>
>> Today we are releasing 2 security advisories for the Bitcoin Core project.
>> Those bugs affect versions of Bitcoin Core before (and not including)
>> v22.0.
>>
>> This is part of the gradual adoption by the project of a new vulnerability
>> disclosure policy.
>>
>> The policy and the 2 security advisories can be found on the project's
>> website at https://bitcoincore.org/en/security-advisories .
>
> You should say which two security vulnerabilities the newly disclosed ones
> actually are. The link does not make that clear at all.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
> --
> You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZqqKA%2BgrzscldhiU%40petertodd.org.

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZGhOmx0cu1iFlx-rixCamesD8EL25jxiTuzSHROj9EW3n1GIeIazTEIhziicy8_4BX9sxUmxJnY0-Zl3qHpTBzQiigfkmkz8vC2Ju-ZztBY%3D%40proton.me.

[-- Attachment #2: Type: text/html, Size: 4564 bytes --]

      reply	other threads:[~2024-08-04  8:15 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-31 17:01 [bitcoindev] Public disclosure of 2 vulnerabilities affecting Bitcoin Core < v22.0 Niklas Goegge
2024-07-31 19:01 ` Peter Todd
2024-08-04  6:41   ` 'hashnoncemessage' via Bitcoin Development Mailing List [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='ZGhOmx0cu1iFlx-rixCamesD8EL25jxiTuzSHROj9EW3n1GIeIazTEIhziicy8_4BX9sxUmxJnY0-Zl3qHpTBzQiigfkmkz8vC2Ju-ZztBY=@proton.me' \
    --to=bitcoindev@googlegroups.com \
    --cc=hashnoncemessage@proton.me \
    --cc=n.goeggi@gmail.com \
    --cc=pete@petertodd.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox