CVE-2024-38365 (GCVE-0-2024-38365)
Vulnerability from cvelistv5
Published
2024-10-11 19:32
Modified
2024-10-11 19:48
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a "standard" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = "<data> <data||foo>"` and `dataToRemove = "data"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue.
References
security-advisories@github.comhttps://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184
security-advisories@github.comhttps://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5
security-advisories@github.comhttps://github.com/btcsuite/btcd/releases/tag/v0.24.2
security-advisories@github.comhttps://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8
Impacted products
Vendor Product Version
btcsuite btcd Version: >= 0.10.0, < 0.24.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-38365",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-11T19:46:36.694476Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-11T19:48:30.393Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "btcd",
               vendor: "btcsuite",
               versions: [
                  {
                     status: "affected",
                     version: ">= 0.10.0, < 0.24.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's \"FindAndDelete()\" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a \"standard\" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = \"<data> <data||foo>\"` and `dataToRemove = \"data\"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-670",
                     description: "CWE-670: Always-Incorrect Control Flow Implementation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-10-11T19:32:12.348Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8",
            },
            {
               name: "https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5",
            },
            {
               name: "https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184",
            },
            {
               name: "https://github.com/btcsuite/btcd/releases/tag/v0.24.2",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/btcsuite/btcd/releases/tag/v0.24.2",
            },
         ],
         source: {
            advisory: "GHSA-27vh-h6mc-q6g8",
            discovery: "UNKNOWN",
         },
         title: "btcd did not correctly re-implement Bitcoin Core's \"FindAndDelete()\" functionality",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2024-38365",
      datePublished: "2024-10-11T19:32:12.348Z",
      dateReserved: "2024-06-14T14:16:16.465Z",
      dateUpdated: "2024-10-11T19:48:30.393Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         descriptions: "[{\"lang\": \"en\", \"value\": \"btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's \\\"FindAndDelete()\\\" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a \\\"standard\\\" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = \\\"<data> <data||foo>\\\"` and `dataToRemove = \\\"data\\\"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue.\"}, {\"lang\": \"es\", \"value\": \"btcd es una implementaci\\u00f3n alternativa de nodo completo de bitcoin escrita en Go (golang). El cliente de Bitcoin btcd (versiones 0.10 a 0.24) no volvi\\u00f3 a implementar correctamente la funcionalidad \\\"FindAndDelete()\\\" de Bitcoin Core. Esta l\\u00f3gica es cr\\u00edtica para el consenso: la diferencia de comportamiento con los otros clientes de Bitcoin puede llevar a que los clientes de btcd acepten un bloque de Bitcoin no v\\u00e1lido (o rechacen uno v\\u00e1lido). Esta falla de consenso se puede aprovechar para causar una divisi\\u00f3n de la cadena (aceptando un bloque de Bitcoin no v\\u00e1lido) o se puede explotar para atacar los nodos de btcd (rechazando un bloque de Bitcoin v\\u00e1lido). Un atacante puede crear una transacci\\u00f3n est\\u00e1ndar donde FindAndDelete no devuelva una coincidencia pero removeOpCodeByData s\\u00ed, lo que hace que btcd obtenga un signo diferente, lo que lleva a una divisi\\u00f3n de la cadena. Es importante destacar que esta vulnerabilidad puede ser explotada de forma remota por cualquier usuario de Bitcoin y no requiere ning\\u00fan poder de hash. Esto se debe a que la diferencia en el comportamiento puede ser provocada por una transacci\\u00f3n \\\"est\\u00e1ndar\\\" de Bitcoin, es decir, una transacci\\u00f3n que se retransmite a trav\\u00e9s de la red P2P antes de que se incluya en un bloque de Bitcoin. `removeOpcodeByData(script []byte, dataToRemove []byte)` elimina cualquier env\\u00edo de datos de `script` que contenga `dataToRemove`. Sin embargo, `FindAndDelete` solo elimina las coincidencias exactas. Entonces, por ejemplo, con `script = \\\" \\\"` y `dataToRemove = \\\"data\\\"` btcd eliminar\\u00e1 ambos env\\u00edos de datos, pero `FindAndDelete` de Bitcoin Core solo elimina el primer env\\u00edo ``. Esto se ha corregido en la versi\\u00f3n v0.24.2 de btcd. Se recomienda a los usuarios que actualicen. No hay workarounds para este problema.\"}]",
         id: "CVE-2024-38365",
         lastModified: "2024-10-15T12:57:46.880",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}]}",
         published: "2024-10-11T20:15:04.733",
         references: "[{\"url\": \"https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/btcsuite/btcd/releases/tag/v0.24.2\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8\", \"source\": \"security-advisories@github.com\"}]",
         sourceIdentifier: "security-advisories@github.com",
         vulnStatus: "Awaiting Analysis",
         weaknesses: "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-670\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2024-38365\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-10-11T20:15:04.733\",\"lastModified\":\"2024-10-15T12:57:46.880\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's \\\"FindAndDelete()\\\" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a \\\"standard\\\" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = \\\"<data> <data||foo>\\\"` and `dataToRemove = \\\"data\\\"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue.\"},{\"lang\":\"es\",\"value\":\"btcd es una implementación alternativa de nodo completo de bitcoin escrita en Go (golang). El cliente de Bitcoin btcd (versiones 0.10 a 0.24) no volvió a implementar correctamente la funcionalidad \\\"FindAndDelete()\\\" de Bitcoin Core. Esta lógica es crítica para el consenso: la diferencia de comportamiento con los otros clientes de Bitcoin puede llevar a que los clientes de btcd acepten un bloque de Bitcoin no válido (o rechacen uno válido). Esta falla de consenso se puede aprovechar para causar una división de la cadena (aceptando un bloque de Bitcoin no válido) o se puede explotar para atacar los nodos de btcd (rechazando un bloque de Bitcoin válido). Un atacante puede crear una transacción estándar donde FindAndDelete no devuelva una coincidencia pero removeOpCodeByData sí, lo que hace que btcd obtenga un signo diferente, lo que lleva a una división de la cadena. Es importante destacar que esta vulnerabilidad puede ser explotada de forma remota por cualquier usuario de Bitcoin y no requiere ningún poder de hash. Esto se debe a que la diferencia en el comportamiento puede ser provocada por una transacción \\\"estándar\\\" de Bitcoin, es decir, una transacción que se retransmite a través de la red P2P antes de que se incluya en un bloque de Bitcoin. `removeOpcodeByData(script []byte, dataToRemove []byte)` elimina cualquier envío de datos de `script` que contenga `dataToRemove`. Sin embargo, `FindAndDelete` solo elimina las coincidencias exactas. Entonces, por ejemplo, con `script = \\\" \\\"` y `dataToRemove = \\\"data\\\"` btcd eliminará ambos envíos de datos, pero `FindAndDelete` de Bitcoin Core solo elimina el primer envío ``. Esto se ha corregido en la versión v0.24.2 de btcd. Se recomienda a los usuarios que actualicen. No hay workarounds para este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]}],\"references\":[{\"url\":\"https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/btcsuite/btcd/releases/tag/v0.24.2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8\",\"source\":\"security-advisories@github.com\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38365\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-11T19:46:36.694476Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-11T19:48:23.263Z\"}}], \"cna\": {\"title\": \"btcd did not correctly re-implement Bitcoin Core's \\\"FindAndDelete()\\\" functionality\", \"source\": {\"advisory\": \"GHSA-27vh-h6mc-q6g8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"btcsuite\", \"product\": \"btcd\", \"versions\": [{\"status\": \"affected\", \"version\": \">= 0.10.0, < 0.24.2\"}]}], \"references\": [{\"url\": \"https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8\", \"name\": \"https://github.com/btcsuite/btcd/security/advisories/GHSA-27vh-h6mc-q6g8\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5\", \"name\": \"https://github.com/btcsuite/btcd/commit/04469e600e7d4a58881e2e5447d19024e49800f5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184\", \"name\": \"https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/btcsuite/btcd/releases/tag/v0.24.2\", \"name\": \"https://github.com/btcsuite/btcd/releases/tag/v0.24.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's \\\"FindAndDelete()\\\" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a \\\"standard\\\" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = \\\"<data> <data||foo>\\\"` and `dataToRemove = \\\"data\\\"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-670\", \"description\": \"CWE-670: Always-Incorrect Control Flow Implementation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-10-11T19:32:12.348Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-38365\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-11T19:48:30.393Z\", \"dateReserved\": \"2024-06-14T14:16:16.465Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-10-11T19:32:12.348Z\", \"assignerShortName\": \"GitHub_M\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.