From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 45C78C0051 for ; Wed, 9 Sep 2020 13:33:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 2E2CE86C8A for ; Wed, 9 Sep 2020 13:33:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pzLzYbFnqg6J for ; Wed, 9 Sep 2020 13:33:43 +0000 (UTC) X-Greylist: delayed 00:05:04 by SQLgrey-1.7.6 Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by whitealder.osuosl.org (Postfix) with ESMTPS id 854CC86C03 for ; Wed, 9 Sep 2020 13:33:43 +0000 (UTC) Received: by mail-pf1-f177.google.com with SMTP id w7so2181564pfi.4 for ; Wed, 09 Sep 2020 06:33:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purse.io; s=google; h=to:from:autocrypt:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=L+dTE9QLhdsUIkfOSKRjyKgo86hs5+PTjJoHKqVVBb8=; b=enywz/l7bXPcP4Q6cSq1sexGDMOdXdUN5Q5fxfysleM+VBLEv3Hr6W+VwyneEfFMvS p1DlnSOSGqwTS1vXhq33rsdxS/n/n1ndWWqj5Hs7IZArhjarwI0C8fA4zItxKok2JC8M OUMhcYyUSy53HnXo/1qJDaCpBFJCzyFVHwszA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:autocrypt:subject:message-id:date :user-agent:mime-version:content-transfer-encoding:content-language; bh=L+dTE9QLhdsUIkfOSKRjyKgo86hs5+PTjJoHKqVVBb8=; b=I+sgH3iTYMOjZKBwYwvmoCR/MK25b9uD+GJ8HEHTwpKf1bZzb+7ccOYXbzmmDMJ5MW 6oL1gdjUVZiypp3DBXg7q6MT6bAucOtC9b9h2l+JDOEEUn9tw7DL98dRlRRAMJvwIjz7 wqG91zyVsNqfNJslyrMxbqbYjo/QfxaLPj3ZaX5ILfKb94T5Y+hegR8x2kPdd3vCg3Ow rK5XZLMR8dB1qUZhbmX4QEatSsAB4Ooaini0hVZ+p9rd1bo9HzqpkGrj8nplEYsdK9qC pVj0my5bsjUs/tTguDbWeEhwrgDeNigfLF74JHk36DqnJlK8I12E2ZLi56oDz56xPu8b 7rmg== X-Gm-Message-State: AOAM530ZegSPbHgJJjT7lfifITpZFsIgurb25dDBYpqvyDluY3DTc8KM +0zB2S5D3kpyLrKhKSrFv4yJcoDxNe6IDw== X-Google-Smtp-Source: ABdhPJx7oVhv4kHk/oUHeMRw5bA0SHEAymrewCPllO7aOnBxTWT3lW3vPN7hVhT9pgZlt7pA+DIeJw== X-Received: by 2002:a63:d409:: with SMTP id a9mr623035pgh.312.1599658119037; Wed, 09 Sep 2020 06:28:39 -0700 (PDT) Received: from [10.0.0.198] ([66.172.99.113]) by smtp.gmail.com with ESMTPSA id u14sm2981579pfc.203.2020.09.09.06.28.38 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 09 Sep 2020 06:28:38 -0700 (PDT) To: Bitcoin Protocol Discussion From: Braydon Fuller Autocrypt: addr=braydon@purse.io; keydata= LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkZzRWthc0JFQUM0 b1BKUXNGV0FNME9qTkpsWVV4SmJUVjhibzFUZ1h3WmROWldld0c2ZnZRUStpR0dJCm15L2E1 aDEwLzlWKy9DdGlvOGF5QWZwazZWM3ovdnhxOElkUFZjc1djY0hMbmd1YUFFRWhZbktkR1pm c29oY1EKTU80TFI2M1I2dlByVVlVSmVoVnp0MllaNUY0OTVpUkRLd2JRTFhibVhGOXZMdGFL dWYvNmhiVm1sRzdiTTU5ZQpWS2N2cEU4RUttOTVMcHcrQ0JFM3VLYzNSeFRjS0hnbzZRcmtD bG0xOUdORERrbUh4TS9rK2hHVDNNK3NYR2hnCnBMMjk0MEFHS3NYdVRQZ2hnTFErNXNlQld0 enVXVjMxVWYwbHRIeDZLczF3MG1sZ1paK3U0d2xsak1ISUJLTHIKNGNZRE9GOEFZeHlWY1B6 dVFMZFJqSUlLRWdwTURRVzdmdGJnR00vcWhnR2cybU4wMzZLVFVmVDFIa21UODJaMwpEM3o0 QUNKL2JZL0orbUp3MGJhcWNKcGV6bmRkMU02ZG5ETkY5U2xzdDJNcitMb2VKZE4xdFk1a2s2 L09Xd0FJCjVMMTVobWRpUldVQnJ5SnF1bjdzeTIzY21WUFNPcnRhSWZsNy9TRUZKK011WGJL NTMrbUZHVDJQQ3BkUnpWNE0KcktyOXFiQmFYa2todkVmb0wyejZWd0lGQnBycVpqdGhQSGNI UjhyNlFTVHBaZHNEKzcrcW9xMm80TURVcVA1NAo1YTNrR0kzbDZWVzc2N1ZFL05VSW9jeU83 WjlEL0VaT0NrMjJFbFRMVEN6V20wSnZ4eEdKb2FsZWJMUWNHZXkvCkE5V1dHT3YveWR3dlRy eTNQV0F6cnJYTnQ0M01jSEh3WlhVNHZTTG5BdEF4UXkwNk50OXdzV28rMlFBUkFRQUIKdENG Q2NtRjVaRzl1SUVaMWJHeGxjaUE4WW5KaGVXUnZia0J3ZFhKelpTNXBiejZKQWxRRUV3RUlB RDRDR3dNRgpDd2tJQndJR0ZRZ0pDZ3NDQkJZQ0F3RUNIZ0VDRjRBRkNRVlp2cGdXSVFSYmZj V05rUDdCNlpDakVMcnlUeU10CkVJczYxQVVDWG90VmJBQUtDUkR5VHlNdEVJczYxTVVJRC80 blpZN0lDeUhock1iNDNaOEcrVE45TzE1WlFON2sKWlNzZ2hWeWxpcW15cE1lNWFGOWNkbFUz a1VkR1BEbUVuWjgweTc1bmZheXFpdlpCOG1HYXFJSTkycXVLNFJ2TQphc0kzdlQ5Rkl0Z2g4 Nkh6NWRHa1g4eGVEZms0SkNmWml0SUQydDJVdUR1Z3JGc2VFMVE4OTJsZ21NcGZQQ3VoCk5I NWxDWnUzVjNnNFJDdlAxd1Jjd09XY0dXU0wwR0pvOHJrRS9tYzBKS0NGNDdwbDFFUWVRUVp5 czIxTHBOTnYKWmFMVHJoQUpPdDFIRXBheUlxdXFKTzA4TzBMZGErelF1Z2szV0hHWUNyeXlJ ZFdiSWljdUFsbmowa0J1ajZKagpFdVphNFNRdE0wenF5QzNCbmIzdXBBSkNGOVdmL1lUcyts cUJTNW96ekxkTXJRSlo5VTE4VmxUZCtZeU9icjFBCkY0UW5xT1g2aDJlNE02KzZuOWlIdU9o eWlEdTI4cms2dU9sY1lOQTVXcm9mV0dFK1AyYS9zOExGOGxEZ1BtQlIKMjNmT0hrSmFtK2FB U1R6VVVJSC9GM0NqbkhkTzU1cHJDWDRPOUJWc2FOR2J6WHRhMzFYVnZQbE1qQXpPc3ZWegpT SitzUjRvMjkyVjE3THdkZU11OUFNK3c1YSt3Yk5kVnA2OEtmRnh2OTliaSs0QWgvNlVrQ2Js dHdQWkJqVS9nClp1WGhXM2s0Z3J6a3pwdmd1U3JEU1NHNzdDNC9QTjB4aFFRMTVlaEdlQkNl YWd2Ui9EZWxRQnkwMUYvTC9NV3EKSkJZTTVwN3ptR1htSlJXTWRNMDlDMThBc1NVZnMySWxl dnN4a3RJWFQzSUFsVU9wdG14RlJTRWlLSERwNlJ2NgpweWM2TWJSWWZGN1BGYlFrUW5KaGVX UnZiaUJHZFd4c1pYSWdQR052ZFhKcFpYSkFZbkpoZVdSdmJpNWpiMjArCmlRSllCQk1CQWdC Q0Foc0RCZ3NKQ0FjREFnWVZDQUlKQ2dzRUZnSURBUUllQVFJWGdBVUpCVm0rbUJZaEJGdDkK eFkyUS9zSHBrS01RdXZKUEl5MFFpenJVQlFKZWkxVnlBaGtCQUFvSkVQSlBJeTBRaXpyVTVJ Y1AvMXVmOUlrQgpsd2h3TG5CUjQ2QkM5NTgyOVN3MnBzTTZYTDZ6OXIrVUtmUTFSdm9pTDQ5 V2FzU1Z6QUJGVjlnNVhRbllUajVVCkgrTnFTK29lTXlScTl0d1Avb3JFN2crVDRTNzRpaGFx YzFhZTZmY3pNaDRIc3NkbmtyZ2FLbTVoRXEzQjh1V08KNzRSaHRJUnczUVpzM2lqSHoxU2w3 K1NzNklEOC9IbHFGRzNQaGhJQ2hFU2xna1gwQXlRSHV0ZkwzTmhGTFU5VAo1MU9RSFoyUTBG NUo5cFgxY0JPSlR5WHNwUHppLzhUdWdWcHNqcC9LdVpWbjg2WjhIVksraFhIWCs5bVV0emZy CnQweG91RGJRUHFlN1hRbDBJdnJpVVpaTWhFOXdOMEpMRHljTFhlLzl5RFppRGFsRUV0RENR ZXBpcGx2STdMRlQKRGw3cHArU2xKQWFNMm9RbFRQUGg3a2M4ZThwWnNmQUo2clZKTTlheFUr am0rNFRacFdSUm8rK3NIY00xY2VnZQo5MVI3VnRkREN6cGJRYys3Ymtpa3VHRk9sYkw5OFY5 U2daWVVxWkQrbkI0MC9xeldxQkM5RGU5YWdZWUMxaFhWCmo2YnUvTHhOV0NYZis2YnpKVWJN aWZJc2JBNWhKZzRTbTlVTGFCV0M3eE1WUzFjSE9TSU9iaFl1aVU1Ny9HekkKRW5SMVo5YjU1 UHYwV3IwelJjRW9aM3dSUG5hMzZ4bHU5YXRiSXBuRFQ1VTNSclB1TTdXWWdnWEZaMDRkMm5F TQpndnpYZk5BR2IvMG51K1kxZmwrbjJDYkJIenFleGFTckpYQUw3QjlBbmhock1ETGJxMk51 aVk0dnk5YWFDTFZFCnZvcWpKRzBFQXJacG1BMkt4UG03ZmQrNWJNY1hsb2RsZEFiL3VRSU5C RnNFa2FzQkVBRGY1SlYwRWxST0dNL0gKOG5rYmdEVjEzYThwVkZHbXRiNm5JblJjTnMydEZV NFNmR3ZlaVRQWVhnZTJEdmFoUXZDdzF5NEthQVhFT1hFZwpVeUszTmtCWnU0dCtyMFZIdXlk cGJjOHlXU1BqaDU3T3JkNlpoZFcvY0xlVnpveTUwQTZxUkFvM05xVEpvRC9wCncxV1ZDZFdh dWx5MmtVZTFRMktoNks4ejBoNEkvbmF4eE1memlwNUZtaCthZDUxemNVREVvd24wNW1MZ3lL S0MKeDM4T0hPRlNwc0I0K3NJeVZCQ3d6OGRkSTJ6YXFnd3JjR2pxVndmTlh1cklqM0RYMjJZ V2k1ZlRwUXVjQUF6VgowbGx3SlF2ZlVVdTFvaXNadHhjRDczMXJ4MlU1UnZyeXVQMzBmZFhm TU9NbXh3TUdBbmFiT0s2NUwrZG9iODByCjVGV0ZXSGNxcTFXSUxyYWNhQURXMUxWb3NwbnNv TjdMTzdnV0lUWnNJK0hwdmdpVWhDS1BPckJQSThtMzdReTUKL1lWakdLdjBiQ0F5ZFdvbjk5 aHBQcnZWRUp4U3VTcmFTdFhOMGVyOGRmc0R3Zko5KzF3RXdTM2pKa20zOXRudQp2TEpZbncr VkFrL2NjYXJQNkdrZWJDdkNZbUNQbEZ1YVMxVXpEZEVBU0trbXNRY1BWRHZBaUU4MWluTG9V akFXClVQSENsUkE1UmdZUmxqREQwdEZtSnFrM1FWNE53V25vSlF4R0FrZmJobERNV1R3bmsz ZzhETm1zaGw5QnRydlYKc01EUGYzVFk4TzNycXFJaUliYWE1TnQzeDRoNExQSDFIRmFFT1pC eVhOZWZsYkY4OVRxWFFUMDJBczBXZzBLbQprdHBQUFpMOGJIQm5PdEoyNHd0OVdXRW84T08v WVFBUkFRQUJpUUlsQkJnQkFnQVBCUUpiQkpHckFoc01CUWtCCjRUT0FBQW9KRVBKUEl5MFFp enJVd3VvUC8yOHhjdEdGN25EcWdFcTR2UzJQNEtFdUdSQVF6cnBEczdpNnRhYSsKWHpKLzlP RTJMVDh2SjBZQmhyQUpSYTUzYW1GbzZEaThmUWhTOVNHVXNORnhoell4MS9BbUx4cVB3YnRn TDg1UQpyREFVTjlqSmozTWlUVUxuSmVmb3VLQ1NNNHZRL0pnalF3emFDVHJpMzg4cjVHZkx5 UFBwQ1BCbmdBeXloT21qCnIzd3RKaExzdHk4NFJPbjdmTFBRdGkyUTgvZm9XcWdiYUc1Mk9I VFhrYVFOSWdkWnlTaTNoTWxjcnc0NGM2NHIKQlRQWisxNGF3VjR6aHVaT0lDc0pGZXdDUkZh alJWc0RxRStLY3JSbXYvRXMxSmdqSDNnaGQ3bXIwaEpsenB4Ngo1YktLeFd4Um5GU0Fra2JJ MUs5ZGZESGpPaEpMc0ZmSk9qdXpLT2twM1QyZUVJdmRBWis0ZTZBbi9YOE1KbzIwCnBTN1lM NnRSN1ZUSHIrcTE0SlZTd0F6NXNOOE1GRCs5TFcyZktmMDVVRk01bXBlOEtFdmgvNHdBM1pi Q3ovNHUKWEhBT29ZeGZwZ0w5a0ZZem5wY1lDa3ZYT1AzZWZLREZzM3l6ekplcW94QTJDRk9Q Q1AwaXJKbzFCd283OEN5VgpLWVdWYnBGZlBWaEVOUGlaSXAwQ2lCdDBPcWFDNFp6VG1SUm81 S1NwSnZSc3ZmaUpEOTJiZy9KWEdOSVpJTkd2CnhOQTZOQWJQU3RJU0hwRDR0bjNOR1cyU1lR eVIyVEpaQm5pMWl3RnRDL1pOVDYwSjhvd2hRSm52RVFlNitNQXAKa2lhejBTdXpmTlZMNDl4 R3YyTHFhOHkxczB5NTgvMHpCTEhzK3F3ZTYvODlaMmdqZTdCcWZGak9UVVpNc0FzeQp6TGFK aVFJOEJCZ0JBZ0FtQWhzTUZpRUVXMzNGalpEK3dlbVFveEM2OGs4akxSQ0xPdFFGQWw1OUhN a0ZDUVZaCnZwNEFDZ2tROGs4akxSQ0xPdFFPeGcvNkFqWWoxUlFHL25yTktBNFQ5cnYrV2tr MFo1dXRqTERYa2NmQjV2TTgKa0ZwMCtTTnBWMmVRMmlRTTZXWTRCUVBweTBZTXVuSGVOVmJ5 SHVPZzI2UEluUGc0WWdSZXpvUXhIbmdBdHJqLwowV1BKSXhodHRoWXNSODRhbXZ0TEJ3MWFs T3VRU1daQVNYRUdFcmgrTkQrNFB0N0dobWxEODhROWxmWXpGZHhJCk43V1YxdFBBVHBQeCta M1ljTllaWGQydkswVmluTG9odk4wdW1iOGd2ZUZDVkhYaWliYjZzcFI4Q0VQTVRvSEkKc1JU VWo1S3JEWmhmbUduY0Qrc0NySFNXVDlSbHh2TkZpRjI5RFdzKzdudUJCYU5QQ3hYMHozeTZJ aVg0aFVsaApkcUFOeVR1cHVSaVlGUFpIWjBMSFFzeDQ2WjJjVXE1enQwMUJwV1NCWHlKeEJj TVY3SGtWT2J3ZzJaTVJGbGNJCkRGYy9aWTBWbmlmSDlWRHFpaWZKelhtNUkxaWE1SXU2R3M2 ZXRlZnZGdHQ2QlFKcXd0MlBNcENDOG53dDE3eDEKVlFuZVk4OVZmTTROczlPeC9IU01zODFZ U2wyKzZDSXQxVjVNeGtMYzMxeEJCNXZKTUhsRTRFM0g3VnVidjRicQoyWUxnY29nSlN6WkZv ZDRQUHY1ZkIzbTYybjV3U1R6M2todjBiVVhGOUN2dUxLNkk0dXdpUnBCNHhLRlRSZjZTCm5m RTNzaUcwVWlidFl1cE1wLzJ5RmYrWUpiVVlEZk1XUjhwZWNTRzFJemVjQ3dFNHptU2F6TFN3 czFMc1pYQnAKUVd5U0JvaVBCeEU1akYzOEYvRkRyMll4VEdqNU1KaXRzTUloNkFoZnlCNG1o OW8yVzBlYnh4K2YyNXh4aGZydwpuekk9Cj16T0twCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZ IEJMT0NLLS0tLS0K Message-ID: Date: Wed, 9 Sep 2020 06:28:38 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US X-Mailman-Approved-At: Wed, 09 Sep 2020 13:42:02 +0000 Subject: [bitcoin-dev] CVE-2018-17145: Bitcoin Inventory Out-of-Memory Denial-of-Service Attack X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Sep 2020 13:33:45 -0000 Hi everyone: We would like to share a paper and website for CVE-2018-17145 that was found in mid-2018. There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. For more details please see: https://invdos.net/ For the paper: https://invdos.net/paper/CVE-2018-17145.pdf Best, Braydon Fuller