Bitcoin Client Fixes DoS Bug

Thursday, September 5, 2013 @ 05:09 PM gHale


The developers behind Bitcoin-QT, a software wallet used to protect and back up Bitcoin currency, have released a new version of the client that fixes security issues, including a critical denial-of-service (DoS) bug.

Version 0.8.4 of the original Bitcoin client was posted to SourceForge, and anyone running an out-of-date version can update by either running the Windows installer or copying over the new code on Mac and Linux builds.


According to the update summary, an attacker could have sent a series of messages that would have resulted in an integer division-by-zero error in the Bloom Filter handling code. This DoS bug would have forced versions 0.8.0 through 0.8.3 of the program to crash.
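Bloom filter code typically maps each hash to a bit position with a modulo over the filter's bit count, so a zero-length filter received from a peer makes the divisor zero. The sketch below is an added example, not Bitcoin-Qt's source: it shows the unguarded index calculation beside guarded `insert` and `contains` methods. The class name, the FNV-1a stand-in hash and the sample key are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Simplified peer-supplied Bloom filter (illustrative; not Bitcoin-Qt's class).
class PeerBloomFilter {
public:
    // `bytes` and `nHashFuncs` come from an untrusted network message.
    PeerBloomFilter(std::vector<uint8_t> bytes, unsigned nHashFuncs)
        : data_(std::move(bytes)), nHash_(nHashFuncs) {}

    // Unguarded form, shown for contrast only: with an empty bit array,
    // data_.size() * 8 is 0 and the modulo is an integer division by zero.
    size_t bitIndexUnguarded(unsigned n, const std::string& key) const {
        return fnv1a(n, key) % (data_.size() * 8);
    }
    void insert(const std::string& key) {
        if (data_.empty()) return;        // guard: no bits to set, skip the modulo
        for (unsigned n = 0; n < nHash_; ++n) {
            size_t i = fnv1a(n, key) % (data_.size() * 8);
            data_[i >> 3] |= uint8_t(1u << (i & 7));
        }
    }
    bool contains(const std::string& key) const {
        if (data_.empty()) return false;  // guard: an empty filter matches nothing
        for (unsigned n = 0; n < nHash_; ++n) {
            size_t i = fnv1a(n, key) % (data_.size() * 8);
            if (!(data_[i >> 3] & (1u << (i & 7)))) return false;
        }
        return true;
    }
private:
    // Seeded FNV-1a stands in for the real hash function (assumption).
    static uint32_t fnv1a(unsigned seed, const std::string& s) {
        uint32_t h = 2166136261u ^ (seed * 0x9E3779B1u);
        for (unsigned char c : s) { h ^= c; h *= 16777619u; }
        return h;
    }
    std::vector<uint8_t> data_;
    unsigned nHash_;
};

int main() {
    PeerBloomFilter empty(std::vector<uint8_t>(), 3);  // constructed zero-length filter
    empty.insert("sample-key");                        // returns without dividing
    return empty.contains("sample-key") ? 1 : 0;       // exits 0
}
```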

The update also adds a constant-time algorithm to check RPC password guess attempts (CVE-2013-4165) and a fix for the fill-memory-with-orphan-transactions attack (CVE-2013-4627), where a previous buggy patch had opened new vectors of attack.

Bitcoin, the decentralized virtual currency that popped into the cultural mainstream this summer, has already proved a popular target for attackers. Hackers knocked the Mt. Gox trading exchange offline in April.


