CVE-2018-20586
MEDIUMBitcoin Core - Arbitrary Data Injection into Debug Log via RPC Call
Title source: llmDescription
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586
Scores
CVSS v3
5.3
EPSS
0.0106
EPSS Percentile
60.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-116
Status
published
Products (18)
bitcoin/bitcoin_core
0.12.0 rc1 (5 CPE variants)
bitcoin/bitcoin_core
0.12.1 (3 CPE variants)
bitcoin/bitcoin_core
0.13
bitcoin/bitcoin_core
0.13.0 (4 CPE variants)
bitcoin/bitcoin_core
0.13.1 (4 CPE variants)
bitcoin/bitcoin_core
0.13.2 (2 CPE variants)
bitcoin/bitcoin_core
0.14.0 (4 CPE variants)
bitcoin/bitcoin_core
0.14.1 (3 CPE variants)
bitcoin/bitcoin_core
0.14.2 (3 CPE variants)
bitcoin/bitcoin_core
0.14.3
... and 8 more
Published
Mar 12, 2020
Tracked Since
Feb 18, 2026