CVE-2023-33297 - OpenCVE

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitcoin	Bitcoin Core

Configuration 1 [-]

cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md
https://github.com/bitcoin/bitcoin/issues/27586
https://github.com/bitcoin/bitcoin/issues/27623
https://github.com/bitcoin/bitcoin/pull/27610
https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544
https://github.com/visualbasic6/drain
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/
https://x.com/123456/status/1711601593399828530

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-22T00:00:00

Updated: 2024-08-02T15:39:36.328Z

Reserved: 2023-05-22T00:00:00

Link: CVE-2023-33297

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-22T05:15:09.460

Modified: 2023-11-07T04:14:49.637

Link: CVE-2023-33297

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-33297", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T15:39:36.328Z", "dateReserved": "2023-05-22T00:00:00", "datePublished": "2023-05-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-12T15:25:24.022348"}, "descriptions": [{"lang": "en", "value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"}, {"url": "https://github.com/bitcoin/bitcoin/issues/27586"}, {"url": "https://github.com/bitcoin/bitcoin/issues/27623"}, {"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md"}, {"url": "https://github.com/bitcoin/bitcoin/pull/27610"}, {"name": "FEDORA-2023-1bae6b7751", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/"}, {"name": "FEDORA-2023-3317c9b824", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/"}, {"url": "https://github.com/visualbasic6/drain"}, {"url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544"}, {"url": "https://x.com/123456/status/1711601593399828530"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:36.328Z"}, "title": "CVE Program Container", "references": [{"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "tags": ["x_transferred"]}, {"url": "https://github.com/bitcoin/bitcoin/issues/27586", "tags": ["x_transferred"]}, {"url": "https://github.com/bitcoin/bitcoin/issues/27623", "tags": ["x_transferred"]}, {"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md", "tags": ["x_transferred"]}, {"url": "https://github.com/bitcoin/bitcoin/pull/27610", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-1bae6b7751", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/"}, {"name": "FEDORA-2023-3317c9b824", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/"}, {"url": "https://github.com/visualbasic6/drain", "tags": ["x_transferred"]}, {"url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544", "tags": ["x_transferred"]}, {"url": "https://x.com/123456/status/1711601593399828530", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD299C72-AD8C-479D-9606-2CE3FEA945FB", "versionEndExcluding": "24.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023."}], "id": "CVE-2023-33297", "lastModified": "2023-11-07T04:14:49.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-22T05:15:09.460", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/bitcoin/bitcoin/issues/27586"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/bitcoin/bitcoin/issues/27623"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/bitcoin/bitcoin/pull/27610"}, {"source": "cve@mitre.org", "url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544"}, {"source": "cve@mitre.org", "url": "https://github.com/visualbasic6/drain"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/"}, {"source": "cve@mitre.org", "url": "https://x.com/123456/status/1711601593399828530"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}