CVE-2018-20587

NameCVE-2018-20587
DescriptionBitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bitcoin (PTS)sid0.18.0~dfsg-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bitcoinsource(unstable)(unfixed)low

Notes

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587

Search for package or bug name: Reporting problems