CVE-2023-50428

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*
cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:36

Type Values Removed Values Added
References () https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures - Third Party Advisory () https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures - Third Party Advisory
References () https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53 - () https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53 -
References () https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 - Issue Tracking () https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 - Issue Tracking
References () https://github.com/bitcoin/bitcoin/tags - Product () https://github.com/bitcoin/bitcoin/tags - Product
References () https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md - Release Notes () https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md - Release Notes
References () https://twitter.com/LukeDashjr/status/1732204937466032285 - Issue Tracking, Third Party Advisory () https://twitter.com/LukeDashjr/status/1732204937466032285 - Issue Tracking, Third Party Advisory

04 Jan 2024, 17:15

Type Values Removed Values Added
Summary (en) In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. (en) In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
References
  • () https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53 -

11 Dec 2023, 17:50

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Bitcoinknots bitcoin Knots
Bitcoinknots
Bitcoin bitcoin Core
Bitcoin
References () https://github.com/bitcoin/bitcoin/tags - () https://github.com/bitcoin/bitcoin/tags - Product
References () https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 - () https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 - Issue Tracking
References () https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md - () https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md - Release Notes
References () https://twitter.com/LukeDashjr/status/1732204937466032285 - () https://twitter.com/LukeDashjr/status/1732204937466032285 - Issue Tracking, Third Party Advisory
References () https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures - () https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures - Third Party Advisory
CPE cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*
cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

09 Dec 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-09 19:15

Updated : 2024-11-21 08:36


NVD link : CVE-2023-50428

Mitre link : CVE-2023-50428

CVE.ORG link : CVE-2023-50428


JSON object : View

Products Affected

bitcoin

  • bitcoin_core

bitcoinknots

  • bitcoin_knots