CVE-2013-2272

Bitcoin-Qt < 0.4.8 - Unauthorized Wallet Address and IP Association via Penny-Flooding Bypass

Title source: llm
STIX 2.1

Description

The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.

References (2)

Core 2
Core References
Various Sources x_refsource_confirm
https://bitcointalk.org/?topic=135856
Third Party Advisory x_refsource_confirm
https://en.bitcoin.it/wiki/CVEs

Scores

EPSS 0.0189
EPSS Percentile 77.1%

Details

CWE
CWE-200
Status published
Products (48)
bitcoin/bitcoin-qt 0.4 rc4
bitcoin/bitcoin-qt 0.5.0 rc1
bitcoin/bitcoin-qt 0.5.0.4
bitcoin/bitcoin-qt 0.5.1 rc1
bitcoin/bitcoin-qt 0.5.3.0
bitcoin/bitcoin-qt 0.5.7
bitcoin/bitcoin-qt 0.6.0.10 rc4
bitcoin/bitcoin-qt 0.6.3
bitcoin/bitcoin-qt 0.7.0 rc1
bitcoin/bitcoin-qt 0.7.1
... and 38 more
Published Mar 12, 2013
Tracked Since Feb 18, 2026