ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Discussing Pre-22.0 Bitcoin Core Vulnerability Disclosures"
Episode Synopsis
Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-22.0 vulnerabilities.
This continues our previous discussion in Episode 4 on pre-0.21.0 Bitcoin Core Vulnerabilities.
(0:00) - Introduction
(1:07) - Background on Bitcoin peer-to-peer address relay
(4:30) - Bitcoin Core’s AddrMan (address manager) data structure
(5:37) - Disclosure of remote crash due to addr message spam
(8:51) - Address spamming observed on the network
(10:57) - Bitcoin Core #22387 PR to fix addr message spam
(13:46) - Background on Miniupnp, the UPnP library used by Bitcoin Core
(15:18) - The bug in Miniupnpc
(16:33) - Disclosure of the impact of an infinite loop bug in the miniupnp dependency
(17:50) - Bitcoin Core #20421 PR to fix the infinite loop bug in the miniupnp dependency
(18:46) - Lessons learned
This continues our previous discussion in Episode 4 on pre-0.21.0 Bitcoin Core Vulnerabilities.
(0:00) - Introduction
(1:07) - Background on Bitcoin peer-to-peer address relay
(4:30) - Bitcoin Core’s AddrMan (address manager) data structure
(5:37) - Disclosure of remote crash due to addr message spam
(8:51) - Address spamming observed on the network
(10:57) - Bitcoin Core #22387 PR to fix addr message spam
(13:46) - Background on Miniupnp, the UPnP library used by Bitcoin Core
(15:18) - The bug in Miniupnpc
(16:33) - Disclosure of the impact of an infinite loop bug in the miniupnp dependency
(17:50) - Bitcoin Core #20421 PR to fix the infinite loop bug in the miniupnp dependency
(18:46) - Lessons learned
More episodes of the podcast The Bitcoin Development Podcast
Mempool Ancestors and Descendants
24/11/2021
Mempool Policy
10/11/2021
In God we trust