Jump to:

CVE-2021-3401

Jump to:

CVE-2021-3401

Package bitcoin updated to version 0.19.0-alt1 for branch sisyphus in task 240545.

Published: 2021-02-04
Modified: 2024-11-21

CVE-2021-3401

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://achow101.com/2021/02/0.18-uri-vuln
https://achow101.com/2021/02/0.18-uri-vuln
https://github.com/bitcoin/bitcoin/pull/16578
https://github.com/bitcoin/bitcoin/pull/16578

Version: 2.1.0

Package bitcoin update in sisyphus on 2019-11-11

ALT-PU-2019-3115-1

Closed vulnerabilities

CVE-2021-3401