Disclosure of crash using malicious BIP72 URI



Bitcoin-Qt could crash upon opening a BIP72 URI.

This issue is considered Medium severity.

Details

BIP72 extends the BIP21 URI scheme
with an r parameter to fetch a payment request from. An attacker could simply point the URL
contained in the r parameter to a very large file, for which Bitcoin-Qt would try to allocate
enough memory and crash.

The victim could get tricked into opening a rogue payment request. The large download would happen
in the background with little to no output in the GUI until the application runs out of memory.

Attribution

Credits go to Michael Ford (Fanquake) for responsibly disclosing the issue and providing a PoC.

Timeline

2019-08-12 Michael Ford reports the bug to Cory Fields and Wladimir Van Der Laan
2019-10-16 Michael Ford opens PR #17165 to get rid of BIP70 support entirely
2019-10-26 Michael’s PR is merged into Bitcoin Core
2020-06-03 Bitcoin Core version 0.20.0 is released
2021-09-13 The last vulnerable Bitcoin Core version (0.19.x) goes EOL
2024-07-03 Public disclosure


Related posts:

  1. Solana Price Surges Beyond $100, Dethroning Ripple and BNB To Secure Fourth Place
  2. Kèo chấp 1/ 4 là gì? Cách đọc kèo 0.25 chi tiết nhất Bongdadzo
  3. Solana Price Climbs to Yearly High, Outshining Rivals Dogecoin and Cardano
  4. Solana (SOL) manoeuvres into pole position ready for bull market surge