Could anyone kindly give an example or more info about what happened in 2010? I am trying to understand this vulnerability when concatenating and executing unlocking and locking scripts. Thanks.
Hi,

Here you can see a list of all Bitcoin CVEs, including the one you are talking about.

To understand what happened in CVE-2010-5141 you need to understand Script execution and OP_PUSHDATA. When validating a script, bitcoin-core used to use a stack and fuse script_sig with script_pubkey onto it, which led to a stack being:

<OP_CODEs from scriptsig><OP_CODEs from scriptpubkey>

You could simply use an OP_PUSHDATA in script_sig, which would push the scriptpubkey onto the stack without executing it. Since the scriptpubkey is not executed, the conditions under which you can spend the output are never set. Thus you could spend any output using OP_PUSHDATA. Now, the code executes script_sig on a stack, copies it (to stackCopy), then executes script_pubkey on the stack (the first one).

Here is the link to the function evaluating the script.
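To make the mechanism in the answer above concrete, here is an added example (not the answerer's code and not Bitcoin Core's interpreter): a toy byte-level Script evaluator that supports only the opcodes a P2PKH output needs, plus two verifiers, one that concatenates scriptSig and scriptPubKey the pre-fix way and one that runs them separately with a stackCopy in between, as the answer describes. The hash function (truncated SHA-256 standing in for HASH160) and the signature check (a keyed hash instead of ECDSA) are deliberate toy substitutes so the file runs offline; the opcode byte values are the real ones, everything else is a constructed stand-in.

```python
import hashlib

# Real Bitcoin opcode byte values; the interpreter below is a toy, not Bitcoin Core's.
OP_PUSHDATA1 = 0x4C   # next byte is the length of the data to push
OP_DUP = 0x76
OP_EQUALVERIFY = 0x88
OP_HASH160 = 0xA9
OP_CHECKSIG = 0xAC

# Constructed toy stand-ins: HASH160 -> truncated SHA-256, ECDSA -> keyed hash.
TOY_OWNER_SECRET = b"owner-secret"


def toy_hash160(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:20]


def toy_sign(pubkey: bytes) -> bytes:
    return hashlib.sha256(pubkey + TOY_OWNER_SECRET).digest()


def toy_checksig(sig: bytes, pubkey: bytes) -> bool:
    return sig == toy_sign(pubkey)


def push(data: bytes) -> bytes:
    """Direct push opcode: one length byte (1..75) followed by the data."""
    assert 1 <= len(data) <= 0x4B
    return bytes([len(data)]) + data


def eval_script(script: bytes, stack: list) -> bool:
    """Run one script over the given stack; False on any malformed input."""
    i = 0
    try:
        while i < len(script):
            op = script[i]
            i += 1
            if 1 <= op <= 0x4B or op == OP_PUSHDATA1:
                n = op if op <= 0x4B else script[i]
                if op == OP_PUSHDATA1:
                    i += 1
                if i + n > len(script):   # push length runs past script end
                    return False
                stack.append(script[i:i + n])
                i += n
            elif op == OP_DUP:
                stack.append(stack[-1])
            elif op == OP_HASH160:
                stack.append(toy_hash160(stack.pop()))
            elif op == OP_EQUALVERIFY:
                if stack.pop() != stack.pop():
                    return False
            elif op == OP_CHECKSIG:
                pubkey, sig = stack.pop(), stack.pop()
                stack.append(b"\x01" if toy_checksig(sig, pubkey) else b"")
            else:
                return False                 # unsupported opcode
    except IndexError:                       # stack underflow or truncated length byte
        return False
    return True


def stack_true(stack: list) -> bool:
    return bool(stack) and stack[-1] != b""


def verify_vulnerable(script_sig: bytes, script_pubkey: bytes) -> bool:
    """Pre-fix behaviour: scriptSig and scriptPubKey fused into one script."""
    stack = []
    return eval_script(script_sig + script_pubkey, stack) and stack_true(stack)


def verify_fixed(script_sig: bytes, script_pubkey: bytes) -> bool:
    """Post-fix behaviour: run scriptSig, copy the stack, then run scriptPubKey."""
    stack = []
    if not eval_script(script_sig, stack):
        return False
    stack_copy = list(stack)                 # the stackCopy the answer mentions
    if not eval_script(script_pubkey, stack):
        return False
    return stack_true(stack)


def make_script_pubkey(pubkey: bytes) -> bytes:
    """P2PKH locking script: OP_DUP OP_HASH160 <hash> OP_EQUALVERIFY OP_CHECKSIG."""
    return (bytes([OP_DUP, OP_HASH160]) + push(toy_hash160(pubkey))
            + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))


def make_script_sig(sig: bytes, pubkey: bytes) -> bytes:
    """P2PKH unlocking script: <sig> <pubkey>."""
    return push(sig) + push(pubkey)


def make_pushdata_script_sig(script_pubkey: bytes) -> bytes:
    """The CVE-2010-5141 shape: a lone OP_PUSHDATA1 sized to swallow scriptPubKey."""
    return bytes([OP_PUSHDATA1, len(script_pubkey)])


# Constructed sample key; any 33-byte value works for the toy checks.
PUBKEY = b"\x02" + b"A" * 32
SCRIPT_PUBKEY = make_script_pubkey(PUBKEY)
LEGIT_SIG = make_script_sig(toy_sign(PUBKEY), PUBKEY)
BAD_SIG = make_script_sig(b"\x00" * 32, PUBKEY)
PUSHDATA_SIG = make_pushdata_script_sig(SCRIPT_PUBKEY)

if __name__ == "__main__":
    for name, ssig in [("legit", LEGIT_SIG), ("bad sig", BAD_SIG), ("pushdata", PUSHDATA_SIG)]:
        print(f"{name:9s} vulnerable={verify_vulnerable(ssig, SCRIPT_PUBKEY)} "
              f"fixed={verify_fixed(ssig, SCRIPT_PUBKEY)}")
```

Running it shows the three rows the answer predicts: a correctly signed spend passes under both verifiers, a wrong signature fails under both, and the bare OP_PUSHDATA1 scriptSig passes only under the fused evaluation, because the 25 bytes of scriptPubKey get pushed as data and leave a non-empty item on top of the stack. Under the separated evaluation the same scriptSig fails on its own, since its push length runs past the end of the script, and scriptPubKey's opcodes then always execute.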