July 11, 2024

Discussing Pre-0.21.0 Bitcoin Core Vulnerability Disclosures

Listen Later

51 minutes

Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities.

(0:00) - Introductions and motivation for disclosures

(3:17) - Absolute value of a signed integer leads to rejection of all blocks

(13:50) - Too many misbehaving peers leads to DoS

(21:17) - Nested loop without deduplication leads to stalling

(27:34) - Vulnerability in dependency leads to potential RCE

(34:17) - Large memory allocation in peer receiver buffer and send buffer

(35:41) - Payment request fetch causes mysterious crashing

(37:39) - Misordered logic permits download of blocks bypassing checkpoints

(42:21) - Lessons learned from these disclosures

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

The Bitcoin Development Podcast

By Brink

5

44 ratings

July 11, 2024

Discussing Pre-0.21.0 Bitcoin Core Vulnerability Disclosures

Listen Later

51 minutes

Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities.

(0:00) - Introductions and motivation for disclosures

(3:17) - Absolute value of a signed integer leads to rejection of all blocks

(13:50) - Too many misbehaving peers leads to DoS

(21:17) - Nested loop without deduplication leads to stalling

(27:34) - Vulnerability in dependency leads to potential RCE

(34:17) - Large memory allocation in peer receiver buffer and send buffer

(35:41) - Payment request fetch causes mysterious crashing

(37:39) - Misordered logic permits download of blocks bypassing checkpoints

(42:21) - Lessons learned from these disclosures

...more