Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Come-from-Beyond on October 02, 2012, 03:19:47 PM



Title: Where could I get more info regarding "CVE-2012-3789" vulnerability?
Post by: Come-from-Beyond on October 02, 2012, 03:19:47 PM
https://en.bitcoin.it/wiki/Incidents#CVE-2012-3789

Quote
Summary: To Be Disclosed

Any ideas where I could get more info? I found only

Quote
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.

I suspect that my Bitcoin client hangs due to this bug, so I'd like to know how to reproduce it to fix it by myself.


Title: Re: Where could I get more info regarding "CVE-2012-3789" vulnerability?
Post by: Sergio_Demian_Lerner on October 02, 2012, 10:17:02 PM
As the vulnerability CVE-2012-3789 that I found was fixed in recent versions, you can try to upgrade and check if the problem is still present.

Also you can reconnect to a different set of peers (without accepting incoming connections). The possibility that you're still under attack after reconnection is very low.

But if you still think you're under some kind (known or unknown) of attack, maybe you can send your debug.log file to one of the core developers for examination.

Best regards,
 Sergio.