Listen "Discussing Pre-0.21.0 Bitcoin Core Vulnerability Disclosures"
Episode Synopsis
Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities.
(0:00) - Introductions and motivation for disclosures
(3:17) - Absolute value of a signed integer leads to rejection of all blocks
(13:50) - Too many misbehaving peers leads to DoS
(21:17) - Nested loop without deduplication leads to stalling
(27:34) - Vulnerability in dependency leads to potential RCE
(34:17) - Large memory allocation in peer receiver buffer and send buffer
(35:41) - Payment request fetch causes mysterious crashing
(37:39) - Misordered logic permits download of blocks bypassing checkpoints
(42:21) - Lessons learned from these disclosures