Vulnerability Details CVE-2011-4447
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://bitcoin.org/releases/2011/11/21/v0.5.0.html
- https://bitcointalk.org/index.php?topic=51474.0
- https://bitcointalk.org/index.php?topic=51604.0
- https://en.bitcoin.it/wiki/CVEs
- http://bitcoin.org/releases/2011/11/21/v0.5.0.html
- https://bitcointalk.org/index.php?topic=51474.0
- https://bitcointalk.org/index.php?topic=51604.0
- https://en.bitcoin.it/wiki/CVEs
Products affected by CVE-2011-4447
-
cpe:2.3:a:bitcoin:bitcoin_core:0.4.0
-
cpe:2.3:a:bitcoin:bitcoin_core:0.4.1
-
cpe:2.3:a:bitcoin:bitcoin_core:0.5.0
-
cpe:2.3:a:bitcoin:wxbitcoin:0.4.0
-
cpe:2.3:a:bitcoin:wxbitcoin:0.4.1
-
cpe:2.3:a:bitcoin:wxbitcoin:0.5.0