Upstream information

CVE-2018-17144 at MITRE

Description

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
  SUSE
Base Score 7.4
Vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Access Vector Network
Access Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact None
Integrity Impact High
Availability Impact High
SUSE Bugzilla entry: 1108992 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 15.0
  • bitcoin >= 0.16.3-lp150.2.3.1
  • bitcoin-debuginfo >= 0.16.3-lp150.2.3.1
  • bitcoin-debugsource >= 0.16.3-lp150.2.3.1
  • bitcoin-qt5 >= 0.16.3-lp150.2.3.1
  • bitcoin-qt5-debuginfo >= 0.16.3-lp150.2.3.1
  • bitcoin-test >= 0.16.3-lp150.2.3.1
  • bitcoin-test-debuginfo >= 0.16.3-lp150.2.3.1
  • bitcoin-utils >= 0.16.3-lp150.2.3.1
  • bitcoin-utils-debuginfo >= 0.16.3-lp150.2.3.1
  • bitcoind >= 0.16.3-lp150.2.3.1
  • bitcoind-debuginfo >= 0.16.3-lp150.2.3.1
  • libbitcoinconsensus-devel >= 0.16.3-lp150.2.3.1
  • libbitcoinconsensus0 >= 0.16.3-lp150.2.3.1
  • libbitcoinconsensus0-debuginfo >= 0.16.3-lp150.2.3.1
Patchnames:
openSUSE-2018-1098
openSUSE Leap 42.3
  • bitcoin >= 0.16.3-7.3.1
  • bitcoin-debugsource >= 0.16.3-7.3.1
  • bitcoin-qt5 >= 0.16.3-7.3.1
  • bitcoin-qt5-debuginfo >= 0.16.3-7.3.1
  • bitcoin-test >= 0.16.3-7.3.1
  • bitcoin-test-debuginfo >= 0.16.3-7.3.1
  • bitcoin-utils >= 0.16.3-7.3.1
  • bitcoin-utils-debuginfo >= 0.16.3-7.3.1
  • bitcoind >= 0.16.3-7.3.1
  • bitcoind-debuginfo >= 0.16.3-7.3.1
  • libbitcoinconsensus-devel >= 0.16.3-7.3.1
  • libbitcoinconsensus0 >= 0.16.3-7.3.1
  • libbitcoinconsensus0-debuginfo >= 0.16.3-7.3.1
Patchnames:
openSUSE-2018-1098