Vulnerability Details : CVE-2021-37491
An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function.
Products affected by CVE-2021-37491
- cpe:2.3:a:dogecoin:dogecoin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-37491
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-37491
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2021-37491
-
https://github.com/bitcoin/bitcoin/commit/2fb9c1e6681370478e24a19172ed6d78d95d50d3
shuffle selected coins before transaction finalization · bitcoin/bitcoin@2fb9c1e · GitHubPatch
-
http://dogecoin.com
Dogecoin - An open-source peer-to-peer digital currencyProduct
-
https://github.com/VPRLab/BlkVulnReport/blob/main/NDSS23_BlockScope.pdf
BlkVulnReport/NDSS23_BlockScope.pdf at main · VPRLab/BlkVulnReport · GitHubExploit;Technical Description
-
https://github.com/dogecoin/dogecoin/issues/2279
[vulnerability] Possible privacy leakage due to ordered transaction inputs · Issue #2279 · dogecoin/dogecoin · GitHubIssue Tracking;Patch
-
https://github.com/dogecoin/dogecoin/blob/master/src/wallet/wallet.cpp#L2628-L2640
dogecoin/wallet.cpp at master · dogecoin/dogecoin · GitHubExploit
Jump to