Avsnitt Discussing Pre-0.21.0 Bitcoin Core Vulnerability Disclosures The Bitcoin Development Podcast Spela Dela
Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities. (0:00) - Introductions and motivation for disclosures (3:17) - Absolute value of a signed integer leads to rejection of all blocks (13:50) - Too many misbehaving peers leads to DoS (21:17) - Nested loop without deduplication leads to stalling (27:34) - Vulnerability in dependency leads to potential RCE (34:17) - Large memory allocation in peer receiver buffer and send buffer (35:41) - Payment request fetch causes mysterious crashing (37:39) - Misordered logic permits download of blocks bypassing checkpoints (42:21) - Lessons learned from these disclosures Rss Apple Podcaster →