CVE-2012-4684
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
12/03/2013
Last modified:
11/04/2025
Description
The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.
Impact
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bitcointalk.org/index.php?topic=148109.0
- https://bitcointalk.org/index.php?topic=8392.0
- https://en.bitcoin.it/wiki/CVE-2012-4684
- https://en.bitcoin.it/wiki/CVEs
- https://bitcointalk.org/index.php?topic=148109.0
- https://bitcointalk.org/index.php?topic=8392.0
- https://en.bitcoin.it/wiki/CVE-2012-4684
- https://en.bitcoin.it/wiki/CVEs