CVE-2021-3195
openSUSE Security Advisory - openSUSE-SU-2022:0072-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions
** EN DISPUTA ** bitcoind en Bitcoin Core versiones hasta 0.21.0, puede crear un nuevo archivo en un directorio arbitrario (por ejemplo, fuera del directorio ~/.bitcoin) por medio de una llamada RPC dumpwallet NOTA: segĂșn se informa, esto no viola el modelo de seguridad de Bitcoin Core, pero puede violar el modelo de seguridad de un fork que haya implementado restricciones de dumpwallet
An update that fixes one vulnerability is now available. This update for bitcoin fixes the following issues.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-21 CVE Reserved
- 2021-01-21 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-05-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/bitcoin/bitcoin/issues/20866 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bitcoin Search vendor "Bitcoin" | Bitcoin Core Search vendor "Bitcoin" for product "Bitcoin Core" | <= 0.21.0 Search vendor "Bitcoin" for product "Bitcoin Core" and version " <= 0.21.0" | - |
Affected
| ||||||