CVE-2015-6964

{"id": "CVE-2015-6964", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-09-25T05:15:10.243", "references": [{"url": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-697"}]}], "descriptions": [{"lang": "en", "value": "MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC)."}, {"lang": "es", "value": "MultiBit HD anterior a la versi\u00f3n 0.1.2 permite a los atacantes realizar ataques de bit-flipping que insertan direcciones de Bitcoin no utilizables en la lista que utiliza MultiBit para enviar multas a los desarrolladores. (En realidad, los atacantes no pueden robar estas \"multas\" para s\u00ed mismos). Esto ocurre porque no existe un c\u00f3digo de autenticaci\u00f3n de mensajes (MAC)."}], "lastModified": "2024-11-21T02:35:57.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:multibit:multibit_hd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C29BB444-01F8-4CBA-9BB4-9F59FE2455CB", "versionEndExcluding": "0.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}