CVE-2012-1909 - Vulnerability Details - OpenCVE

The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitcoin	Bitcoin Core Wxbitcoin

Configuration 1 [-]

OR	cpe:2.3:a:bitcoin:bitcoin_core::::::::
	cpe:2.3:a:bitcoin:bitcoin_core::rc2::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:::::::*
	cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6::::::
	cpe:2.3:a:bitcoin:wxbitcoin::::::::

No data.

References

Link	Providers
http://r6.ca/blog/20120206T005236Z.html
http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development
https://bitcointalk.org/index.php?topic=67738.0
https://bugs.gentoo.org/show_bug.cgi?id=407793
https://en.bitcoin.it/wiki/BIP_0030
https://en.bitcoin.it/wiki/CVEs
https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-06T16:00:00Z

Updated: 2024-09-17T00:31:19.043Z

Reserved: 2012-03-26T00:00:00Z

Link: CVE-2012-1909

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-08-06T16:55:01.400

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1909

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-06T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://en.bitcoin.it/wiki/BIP_0030"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"}, {"name": "[bitcoin-development] 20120228 Duplicate transactions vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://en.bitcoin.it/wiki/CVEs"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bitcointalk.org/index.php?topic=67738.0"}, {"tags": ["x_refsource_MISC"], "url": "http://r6.ca/blog/20120206T005236Z.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1909", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://en.bitcoin.it/wiki/BIP_0030", "refsource": "CONFIRM", "url": "https://en.bitcoin.it/wiki/BIP_0030"}, {"name": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531", "refsource": "CONFIRM", "url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"}, {"name": "[bitcoin-development] 20120228 Duplicate transactions vulnerability", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development"}, {"name": "https://en.bitcoin.it/wiki/CVEs", "refsource": "CONFIRM", "url": "https://en.bitcoin.it/wiki/CVEs"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=407793", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"}, {"name": "https://bitcointalk.org/index.php?topic=67738.0", "refsource": "CONFIRM", "url": "https://bitcointalk.org/index.php?topic=67738.0"}, {"name": "http://r6.ca/blog/20120206T005236Z.html", "refsource": "MISC", "url": "http://r6.ca/blog/20120206T005236Z.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:17:27.004Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://en.bitcoin.it/wiki/BIP_0030"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"}, {"name": "[bitcoin-development] 20120228 Duplicate transactions vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://en.bitcoin.it/wiki/CVEs"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bitcointalk.org/index.php?topic=67738.0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://r6.ca/blog/20120206T005236Z.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1909", "datePublished": "2012-08-06T16:00:00Z", "dateReserved": "2012-03-26T00:00:00Z", "dateUpdated": "2024-09-17T00:31:19.043Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:rc2:*:*:*:*:*:*", "matchCriteriaId": "85185B12-FD03-43E7-85D0-3BF8299A3340", "versionEndIncluding": "0.4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "68AA5321-2756-4741-9437-6D8904A677E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction."}, {"lang": "es", "value": "El protocolo Bitcoin, como se usa en bitcoind anterior a v0.4.4, wxBitcoin, Bitcoin Qt, y otros programas, no maneja adecuadamente las transacciones m\u00faltiples con el mismo identificador, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (transacci\u00f3n unspendable) mediante el aprovechamiento de la capacidad de crear una transacci\u00f3n coinbase duplicado."}], "id": "CVE-2012-1909", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-06T16:55:01.400", "references": [{"source": "cve@mitre.org", "url": "http://r6.ca/blog/20120206T005236Z.html"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development"}, {"source": "cve@mitre.org", "url": "https://bitcointalk.org/index.php?topic=67738.0"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://en.bitcoin.it/wiki/BIP_0030"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://en.bitcoin.it/wiki/CVEs"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://r6.ca/blog/20120206T005236Z.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bitcointalk.org/index.php?topic=67738.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://en.bitcoin.it/wiki/BIP_0030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://en.bitcoin.it/wiki/CVEs"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}