Launchpad CVE tracker

CVE 2013-4165

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.

Related bugs and status

CVE-2013-4165 (Candidate) is related to these bugs:

Bug #1225114: Sync bitcoin 0.8.5-1 (universe) from Debian unstable (main) [security]

Summary				In	Importance	Status
	1225114	Sync bitcoin 0.8.5-1 (universe) from Debian unstable (main) [security]		bitcoin (Ubuntu)	Wishlist	Fix Released

Bug #1314616: [SRU] bitcoin to be maintained upstream in PPA: Replace distro archive "bitcoin" bitcoin with an empty dummy package

Summary				In	Importance	Status
	1314616	[SRU] bitcoin to be maintained upstream in PPA: Replace distro archive "bitcoin" bitcoin with an empty dummy package		bitcoin (Ubuntu)	Medium	Fix Released
	1314616	[SRU] bitcoin to be maintained upstream in PPA: Replace distro archive "bitcoin" bitcoin with an empty dummy package		bitcoin (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4165

References