CVE-2018-17144

HIGH IN THE WILD

Bitcoin Core <0.14.3, 0.15.x <0.15.2, 0.16.x <0.16.3 - DoS

Title source: llm

Description

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

Exploits (2)

nomisec WORKING POC 9 stars

by hikame · poc

https://github.com/hikame/CVE-2018-17144_POC

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by iioch · poc

https://github.com/iioch/ban-exploitable-bitcoin-nodes

View Code ZIP pw:eip

References (5)

[Vendor Advisory] https://bitcoincore.org/en/2018/09/18/release-0.16.3/

[Third Party Advisory] https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144

[Third Party Advisory] https://github.com/JinBean/CVE-Extension

[Patch, Third Party Advisory] https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md

[Patch, Third Party Advisory] https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md

Scores

CVSS v3 7.5

EPSS 0.5147

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

InTheWild.io 2018-09-25

Status published

Products (2)

bitcoin/bitcoin_core 0.14.0 - 0.14.3

bitcoinknots/bitcoin_knots 0.14.0 - 0.16.3

Published Sep 19, 2018

Tracked Since Feb 18, 2026