CVE-2018-17145

Severity: High · EPSS 87.4%
CVSS 3.1 base score: 7.5 (High)
Published Sep 10, 2020 (5y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 87.4% percentile
Exploit & Patch Status: Public Exploit Known; No Patch Available

Weaknesses 1

CWE-400: Uncontrolled Resource Consumption (Resource Mgmt)

Affected Products 24

Vendor          Product          Version   Range
bcoin           bcoin            *         <1.0.2
bitcoin         bitcoin_core     *         ≥0.16.0 – <0.16.2
bitcoinknots    bitcoin_knots    *         ≥0.16.0 – <0.16.2
btcd_project    btcd             0.3.0     any
btcd_project    btcd             0.3.1     any
btcd_project    btcd             0.3.2     any
btcd_project    btcd             0.3.3     any
btcd_project    btcd             0.4.0     any
btcd_project    btcd             0.5.0     any
btcd_project    btcd             0.6.0     any
btcd_project    btcd             0.7.0     any
btcd_project    btcd             0.8.0     any
btcd_project    btcd             0.9.0     any
btcd_project    btcd             0.10.0    any
btcd_project    btcd             0.11.0    any
btcd_project    btcd             0.11.1    any
btcd_project    btcd             0.12.0    any
btcd_project    btcd             0.13.0    any
btcd_project    btcd             0.13.0    any
btcd_project    btcd             0.20.0    any
btcd_project    btcd             0.20.1    any
decred          dcrd             *         <1.5.2
litecoin        litecoin         *         ≥0.16.0 – <0.16.2
namecoin        namecoin_core    *         ≥0.16.0 – <0.16.2

References 4

  • en.bitcoin.it https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145
    Vendor Advisory
  • github.com https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md
    Release Notes, Third Party Advisory
  • invdos.net https://invdos.net
    Third Party Advisory
  • invdos.net https://invdos.net/paper/CVE-2018-17145.pdf
    Exploit, Technical Description, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.