CVE-2024-38365

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38365
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38365.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38365
Aliases
Related
Published
2024-10-11T20:15:04Z
Modified
2024-10-15T19:12:16.022529Z
Summary
[none]
Details

btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a "standard" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. removeOpcodeByData(script []byte, dataToRemove []byte) removes any data pushes from script that contain dataToRemove. However, FindAndDelete only removes exact matches. So for example, with script = "<data> &lt;data||foo>" and dataToRemove = "data" btcd will remove both data pushes but Bitcoin Core's FindAndDelete only removes the first <data> push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/btcsuite/btcd

Affected ranges

Type
GIT
Repo
https://github.com/btcsuite/btcd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

BTCD_0_10_0_BETA
BTCD_0_11_0_BETA
BTCD_0_11_1_BETA
BTCD_0_12_0_BETA
BTCD_0_3_0_ALPHA
BTCD_0_3_1_ALPHA
BTCD_0_3_2_ALPHA
BTCD_0_3_3_ALPHA
BTCD_0_4_0_ALPHA
BTCD_0_5_0_ALPHA
BTCD_0_6_0_ALPHA
BTCD_0_7_0_ALPHA
BTCD_0_8_0_BETA
BTCD_0_9_0_BETA

btcec/v2.*

btcec/v2.0.0
btcec/v2.1.0
btcec/v2.1.1
btcec/v2.1.2
btcec/v2.1.3
btcec/v2.2.0
btcec/v2.2.1
btcec/v2.3.0
btcec/v2.3.1
btcec/v2.3.2

btcutil/psbt/v1.*

btcutil/psbt/v1.0.0
btcutil/psbt/v1.1.0
btcutil/psbt/v1.1.1
btcutil/psbt/v1.1.2
btcutil/psbt/v1.1.3
btcutil/psbt/v1.1.4
btcutil/psbt/v1.1.5
btcutil/psbt/v1.1.6
btcutil/psbt/v1.1.7
btcutil/psbt/v1.1.8
btcutil/psbt/v1.1.9

btcutil/v1.*

btcutil/v1.0.0
btcutil/v1.1.0
btcutil/v1.1.1
btcutil/v1.1.2
btcutil/v1.1.3
btcutil/v1.1.4
btcutil/v1.1.5

chaincfg/chainhash/v1.*

chaincfg/chainhash/v1.0.0
chaincfg/chainhash/v1.0.1
chaincfg/chainhash/v1.0.2
chaincfg/chainhash/v1.0.3
chaincfg/chainhash/v1.1.0

v0.*

v0.20.0-beta
v0.20.1-beta
v0.21.0-beta
v0.22.0-beta
v0.23.0
v0.23.1
v0.23.2
v0.23.3
v0.23.4
v0.24.0
v0.24.2-beta.rc1