Vulnerability Details : CVE-2021-31876

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction.

Vulnerability category: Denial of service

Published 2021-05-13 22:15:08

Updated 2021-05-26 20:12:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-31876

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-31876

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	3.9	2.5	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low

CWE ids for CVE-2021-31876

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Assigned by: [email protected] (Primary)

References for CVE-2021-31876

https://github.com/bitcoin/bitcoin

Third Party Advisory
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876

Third Party Advisory
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html

Mailing List;Third Party Advisory
https://bitcoinops.org/en/newsletters/2021/05/12/

Vendor Advisory
https://bitcoinops.org/en/topics/replace-by-fee/

Vendor Advisory

Products affected by CVE-2021-31876

Bitcoin » Bitcoin
Versions from including (>=) 0.12.0 and up to, including, (<=) 0.21.1
cpe:2.3:a:bitcoin:bitcoin:*:*:*:*:*:*:*:*
Matching versions