Launchpad CVE tracker

CVE 2013-2293

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.

Related bugs and status

CVE-2013-2293 (Candidate) is related to these bugs:

Bug #1127181: Use icon of higher resolution for bitcoin-qt

Summary				In	Importance	Status
	1127181	Use icon of higher resolution for bitcoin-qt		bitcoin (Ubuntu)	Undecided	Fix Released

Bug #1314616: [SRU] bitcoin to be maintained upstream in PPA: Replace distro archive "bitcoin" bitcoin with an empty dummy package

Summary				In	Importance	Status
	1314616	[SRU] bitcoin to be maintained upstream in PPA: Replace distro archive "bitcoin" bitcoin with an empty dummy package		bitcoin (Ubuntu)	Medium	Fix Released
	1314616	[SRU] bitcoin to be maintained upstream in PPA: Replace distro archive "bitcoin" bitcoin with an empty dummy package		bitcoin (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2293

References