Vulnerability Details : CVE-2011-4447
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
Exploit prediction scoring system (EPSS) score for CVE-2011-4447
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 36 %
CVSS scores for CVE-2011-4447
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2011-4447
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4447
- http://bitcoin.org/releases/2011/11/21/v0.5.0.html
  Bitcoin-Qt version 0.5.0 released
- https://en.bitcoin.it/wiki/CVEs
  Common Vulnerabilities and Exposures - Bitcoin Wiki (Vendor Advisory)
- https://bitcointalk.org/index.php?topic=51474.0
  Wallet encryption issue
- https://bitcointalk.org/index.php?topic=51604.0
  Wallet encryption bug found (IMPORTANT!)
Products affected by CVE-2011-4447
- cpe:2.3:a:bitcoin:wxbitcoin:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bitcoin:wxbitcoin:0.5.0:rc:*:*:*:*:*:*
- cpe:2.3:a:bitcoin:wxbitcoin:0.4.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*