Bitcoin Core up to 0.18.x bitcoin-qt platformpluginpath state issue


A vulnerability classified as critical has been found in Bitcoin Core up to 0.18.x. It affects an unknown functionality of the component bitcoin-qt. Upgrading to version 0.19.0 eliminates this vulnerability. Applying a patch also eliminates the problem; the bugfix is available for download at github.com. The best possible mitigation is to upgrade to the latest version.

| Field | 02/04/2021 10:56 AM | 02/23/2021 02:01 PM |
|---|---|---|
| name | Bitcoin Core | Bitcoin Core |
| version | <=0.18.x | <=0.18.x |
| component | bitcoin-qt | bitcoin-qt |
| argument | platformpluginpath | platformpluginpath |
| cwe | 371 (privilege escalation) | 371 (privilege escalation) |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://achow101.com/2021/02/0.18-uri-vuln | https://achow101.com/2021/02/0.18-uri-vuln |
| name | Upgrade | Upgrade |
| upgrade_version | 0.19.0 | 0.19.0 |
| patch_url | https://github.com/bitcoin/bitcoin/pull/16578 | https://github.com/bitcoin/bitcoin/pull/16578 |
| cve | CVE-2021-3401 | CVE-2021-3401 |
| cvss3_meta_tempscore | 6.3 | 6.0 |
| price_0day | $0-$5k | $0-$5k |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 7.5 | 6.5 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.0 |
| cvss3_meta_basescore | 6.3 | 6.3 |

cve_assigned: 1612393200

cve_nvd_summary: Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."
