Merge #1042: Security advisories for bugs fixed as of Bitcoin Core 0.21.0

0a549fa advisory page: show latest disclosure first (Antoine Poinsot)
054d744 posts: disclose historical DoS vulnerability (header spam) (Antoine Poinsot)
d2943c5 posts: disclose historical DoS vulnerability (orphan resolution) (Antoine Poinsot)
04a8f71 posts: disclose historical DoS vulnerability (GETDATA 100% CPU) (Antoine Poinsot)
7cf880b posts: disclose historical DoS vulnerability (INV buffer blowup) (Antoine Poinsot)
f0756b7 posts: disclose historical netsplit vulnerability (timestamp overflow) (Antoine Poinsot)
259217b posts: disclose historical DoS vulnerability (unbounded banlist) (Antoine Poinsot)
2d4af7c posts: disclose historical tx relay censorship vulnerability (g_already_asked_for rolling) (Antoine Poinsot)
4b564d3 posts: disclose historical DoS vulnerability (BIP70) (Antoine Poinsot)
9718761 posts: disclose historical RCE vulnerability (miniupnpc) (Antoine Poinsot)
39a9a30 posts: disclose historical DoS vulnerability (receive buffer) (Antoine Poinsot)

Pull request description:

  This publicly discloses 10 security vulnerabilities fixed in Bitcoin Core 0.21.0 or earlier versions.

  These writeups result from a common effort to dig up and document past vulnerabilities with achow101 ajtowns fanquake dergoegge and sipa.

ACKs for top commit:
  achow101:
    ACK 0a549fa
  sipa:
    ACK 0a549fa
  fanquake:
    ACK 0a549fa

Tree-SHA512: ee8a3269ce24e5c87a6cfc9195eab42fc879f61efdc393c0f03b3ba6ab23124f70e7d3ea0b673de38db04e98f9e7b5bec6016218d9e2bae8cdfbb4e15b862619

Author: fanquake

_posts/en/pages/2024-06-26-security-advisories.md

@@ -40,7 +40,7 @@ differentiate between 4 classes of vulnerabilities:
 
 ## Past Security Advisories
 
-{% assign advisories=site.posts | where:"lang", 'en' | where:"type", 'advisory' %}
+{% assign advisories=site.posts | where:"lang", 'en' | where:"type", 'advisory' | sort: "date" | reverse %}
 {% for advisory in advisories %}
 {% assign post=advisory %}
   <article>

_posts/en/posts/2024-07-03-disclose-bip70-crash.md

@@ -0,0 +1,46 @@
+---
+title: Disclosure of crash due to malicious BIP72 URI (≤ version 0.19.2)
+name: blog-disclose-bip70-crash
+id: en-blog-disclose-bip70-crash
+lang: en
+type: advisory
+layout: post
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  The BIP70 implementation in Bitcoin Core could silently crash when opening a BIP72 URI.
+---
+
+Bitcoin-Qt could crash upon opening a [BIP72](https://github.com/bitcoin/bips/blob/master/bip-0072.mediawiki) URI.
+
+This issue is considered **Medium** severity.
+
+## Details
+
+[BIP72](https://github.com/bitcoin/bips/blob/master/bip-0072.mediawiki) extends the BIP21 URI scheme
+with an `r` parameter to fetch a payment request from. An attacker could simply point the URL
+contained in the `r` parameter to a very large file, for which Bitcoin-Qt would try to allocate
+enough memory and crash.
+
+The victim could get tricked into opening a rogue payment request. The large download would happen
+in the background with little to no output in the GUI until the application runs out of memory.
+
+## Attribution
+
+Credits go to Michael Ford (Fanquake) for responsibly disclosing the issue and providing a PoC.
+
+## Timeline
+
+- 2019-08-12 Michael Ford reports the bug to Cory Fields and Wladimir Van Der Laan
+- 2019-10-16 Michael Ford opens PR [#17165](https://github.com/bitcoin/bitcoin/pull/17165) to get rid of BIP70 support entirely
+- 2019-10-26 Michael's PR is merged into Bitcoin Core
+- 2020-06-03 Bitcoin Core version 0.20.0 is released
+- 2021-09-13 The last vulnerable Bitcoin Core version (0.19.0) goes EOL
+- 2024-07-03 Public disclosure
+
+{% include references.md %}

_posts/en/posts/2024-07-03-disclose-getdata-cpu.md

@@ -0,0 +1,49 @@
+---
+title: Disclosure of CPU DoS due to malicious P2P message (≤ version 0.19.2)
+name: blog-disclose-getdata-cpu
+id: en-blog-disclose-getdata-cpu
+lang: en
+type: advisory
+layout: post
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  A malformed `GETDATA` message could trigger an infinite loop on the receiving node, using 100% of the CPU allocated to this thread.
+---
+
+A malformed `GETDATA` message could trigger an infinite loop on the receiving node, using 100% of
+the CPU allocated to this thread and not making further progress on this connection.
+
+This issue is considered **Low** severity.
+
+## Details
+
+Before Bitcoin Core 0.20.0, an attacker (or buggy client, even) could send us a `GETDATA` message
+that would cause our net_processing thread to start spinning at 100%, and not make progress
+processing messages for the attacker peer anymore. It would still make progress processing messages
+from other peers, so it is just a CPU DoS with low impact beyond that (not making progress for
+attacker peers is a non-issue). It also increases per-peer long-term memory usage up by 1.5 MB per
+attacker peer.
+
+John Newbery opened [PR #18808](https://github.com/bitcoin/bitcoin/pull/18808) to fix this issue by
+only disclosing the lack of progress.
+
+## Attribution
+
+Credits to John Newbery for finding this bug, responsibly disclosing it and fixing it.
+
+## Timeline
+
+- 2020-04-29 John Newbery opens #18808
+- 2020-05-08 John Newbery reports his finding by email
+- 2020-05-12 #18808 is merged
+- 2020-06-03 Bitcoin Core version 0.20.0 is released with a fix
+- 2021-09-13 The last vulnerable Bitcoin Core version (0.19.x) goes EOL
+- 2024-07-03 Public disclosure.
+
+{% include references.md %}

_posts/en/posts/2024-07-03-disclose-header-spam.md

@@ -0,0 +1,48 @@
+---
+title: Disclosure of memory DoS using low-difficulty headers (≤ version 0.14.3)
+name: blog-disclose-header-spam-checkpoint-bypass
+id: en-blog-disclose-header-spam-checkpoint-bypass
+lang: en
+type: advisory
+layout: post
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  After Bitcoin Core 0.12.0 and before Bitcoin Core 0.15.0 a node could be spammed with minimum difficulty headers, which could possibly be leveraged to crash it by OOM.
+---
+
+After Bitcoin Core 0.12.0 and before Bitcoin Core 0.15.0 a node could be spammed with minimum
+difficulty headers, which could possibly be leveraged to crash it by OOM.
+
+This issue is considered **Medium** severity.
+
+## Details
+
+Before the introduction of [headers
+pre-synchronisation](https://github.com/bitcoin/bitcoin/pull/25717), nodes relied exclusively on
+checkpoints to avoid getting spammed by low-difficulty headers.
+
+In Bitcoin Core 0.12.0 a check for headers forking before the last checkpoint's height was moved to
+after storing the header in `mapBlockIndex`. This allowed an attacker to grow the map unboundedly by
+spamming headers whose parent is the genesis block (which only need difficulty 1 to create), as such
+blocks bypassed the checkpoint logic.
+
+## Attribution
+
+Credits to Cory Fields for finding and responsibly disclosing the bug.
+
+## Timeline
+
+- 2017-08-08 Cory Fields privately reports the bug
+- 2017-08-11 Pieter Wuille opens [PR #11028](https://github.com/bitcoin/bitcoin/pull/11028) to fix it
+- 2017-08-14 PR #11028 is merged
+- 2017-09-14 Bitcoin Core version 0.15.0 is released with a fix
+- 2018-10-03 The last vulnerable version of Bitcoin Core (0.14.3) goes end of life
+- 2024-07-03 Public disclosure.
+
+{% include references.md %}

_posts/en/posts/2024-07-03-disclose-inv-buffer-blowup.md

@@ -0,0 +1,48 @@
+---
+title: Disclosure of memory DoS due to malicious P2P message (≤ version 0.19.2)
+name: blog-disclose-inv-buffer-blowup
+id: en-blog-disclose-inv-buffer-blowup
+lang: en
+type: advisory
+layout: post
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  Public disclosure of a DoS vulnerability affecting old versions of Bitcoin Core
+---
+
+A node could be forced to allocate a significant amount of memory upon receiving a specially crafted
+`INV` message. This was particularly an issue for nodes with little available memory or a large
+number of connections.
+
+This issue is considered **Medium** severity.
+
+## Details
+
+An `INV` message filled with 50,000 block items could cause 50,000 `getheaders` responses to be sent
+in a single `ProcessMessages()` call. Each response contains a locator and is around 1 kB. All would
+be put into the send buffer at once. The attacker could just refuse to receive data to prevent the
+50 MB buffer from draining.
+
+John Newbery opened [PR #18962](https://github.com/bitcoin/bitcoin/pull/18962) to fix this issue
+pretexting a bandwidth gain from sending a single `GETHEADERS` per received `INV`.
+
+## Attribution
+
+Credits to John Newbery for finding this bug, responsibly disclosing it and fixing it.
+
+## Timeline
+
+- 2020-05-08 John Newbery reports his finding by email
+- 2020-05-12 John Newbery opens #18962
+- 2020-05-14 #18962 is merged
+- 2020-06-03 Bitcoin Core version 0.20.0 is released with a fix
+- 2021-09-13 The last vulnerable Bitcoin Core version (0.19.x) goes EOL
+- 2024-07-03 Public disclosure.
+
+{% include references.md %}

_posts/en/posts/2024-07-03-disclose-orphan-dos.md

@@ -0,0 +1,52 @@
+---
+title: Disclosure of CPU DoS / stalling due to malicious P2P message (≤ version 0.17.2)
+name: blog-disclose-orphan-dos
+id: en-blog-disclose-orphan-dos
+lang: en
+type: advisory
+layout: post
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  A node could be stalled for hours when processing the orphans of a specially crafted unconfirmed transaction.
+---
+
+A node could be stalled for hours when processing the orphans of a specially crafted unconfirmed
+transaction.
+
+This issue is considered **High** severity.
+
+## Details
+
+After accepting a transaction into its mempool, the node would go through its cache of orphan
+transactions to find if this new accepted transaction makes it possible to accept any. This search
+was quadratic: for each output in the newly accepted transaction it would go through all cached
+orphan transactions (limited to 100). By specially crafting the orphan transactions to be invalid
+yet expensive to validate a node could be stalled for several hours.
+
+The stall was fixed by Pieter Wuille in [PR #15644](https://github.com/bitcoin/bitcoin/pull/15644)
+by interrupting the orphan resolution to process new messages when a match is found (whether the
+orphan turns out to be valid or not).
+
+## Attribution
+
+Credits to sec.eine for responsibly disclosing the bug and providing feedback on the fix.
+
+## Timeline
+
+- 2019-03-19 sec.eine reports the issue to Greg Maxwell by email
+- 2019-03-21 Greg Maxwell responds with information about the proposed patch
+- 2019-03-22 sec.eine gives feedback on the patch ("seems solid and [..] doesn't attract attention")
+- 2019-03-22 Pieter Wuille opens PR #15644
+- 2019-04-01 PR #15644 is merged
+- 2019-05-18 Bitcoin Core version 0.18.0 is released with a fix
+- 2020-07-22 The issue is [partially disclosed](https://bitcoincore.reviews/15644#l-285) during a PR review club
+- 2020-08-01 The last vulnerable Bitcoin Core version (0.17.x) goes EOL
+- 2024-07-03 Public disclosure.
+
+{% include references.md %}

_posts/en/posts/2024-07-03-disclose-timestamp-overflow.md

@@ -0,0 +1,52 @@
+---
+title: Disclosure of netsplit due to malicious P2P messages by first 200 peers (≤ version 0.20.1)
+name: blog-disclose-timestamp-overflow
+id: en-blog-disclose-timestamp-overflow
+lang: en
+type: advisory
+layout: post
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  Disclosure of the details of an integer overflow bug which risked causing a network split.
+---
+
+Disclosure of the details of an integer overflow bug which risked causing a network split, a fix for
+which was released on January 15th, 2021 in Bitcoin Core version 0.21.0.
+
+This issue is considered **Medium** severity.
+
+## Technical details
+
+A network split vulnerability resulted from two separate bugs in the processing code of `version`
+messages:
+* Signed-integer overflow when calculating the time offset for newly connecting peers.
+* abs64 logic bug (`abs64(std::numeric_limits<int64_t>::min()) ==
+  std::numeric_limits<int64_t>::min()`), resulting in a bypass of the maximum time adjustment limit.
+
+The two bugs allow an attacker to force a victims adjusted time (`system time + network time
+offset`) to be skewed such that any new blocks are rejected for having a timestamp that is dated too
+far in the future. It should be noted that this attack assumes the attacker is among the first 200
+peers to connect to the victim, as only the time offsets from those initial connections are factored
+into adjusted time.
+
+## Attribution
+
+Credit goes to [practicalswift](https://github.com/practicalswift) for discovering and providing the
+initial fix for the vulnerability, and Pieter Wuille for the fix as well as general cleanup to the
+at-risk code.
+
+## Timeline
+
+* 2020-10-10 Initial report send to security@bitcoincore.org
+* 2020-10-13 Fix merged into Bitcoin Core (https://github.com/bitcoin/bitcoin/pull/20141)
+* 2021-01-15 v0.21.0 released
+* 2022-04-25 The last vulnerable Bitcoin Core version (0.20.x) goes EOL
+* 2024-07-03 Public disclosure
+
+{% include references.md %}

_posts/en/posts/2024-07-03-disclose-unbounded-banlist.md

@@ -0,0 +1,52 @@
+---
+title: Disclosure of CPU/memory DoS due to many malicious peers (≤ version 0.20.0)
+name: blog-disclose-unbounded-banlist
+id: en-blog-disclose-unbounded-banlist
+lang: en
+type: advisory
+layout: post
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  Bitcoin Core maintained an unlimited list of banned IP addresses and performed a quadratic operation on it. This could lead to an OOM crash and a CPU Dos.
+---
+
+Bitcoin Core maintained an unlimited list of banned IP addresses and performed a quadratic operation
+on it. This could lead to an OOM crash and a CPU Dos.
+
+This issue is considered **High** severity.
+
+## Details
+
+Bitcoin Core maintained a list of banned IP addresses. This list was not bounded and could be
+manipulated by an adversary. Adding new entries to this list was particularly cheap for an attacker
+when considering IPV6. In addition, when receiving a `GETADDR` message, Bitcoin Core would scan the
+entire ban list for every single address to be returned (up to 2500).
+
+## Attribution
+
+Calin Culianu first responsibly disclosed it. Calin later publicly disclosed the bug in [a PR
+comment](https://github.com/bitcoin/bitcoin/pull/15617#issuecomment-640898523).
+
+On the same day Jason Cox from Bitcoin ABC emailed the Bitcoin Core project to share this same
+report they also received.
+
+## Timeline
+
+- 2020-06-08 Calin Culianu privately reports the bug to the Bitcoin Core project
+- 2020-06-08 Jason Cox privately shares the (same) report sent to Bitcoin ABC with Bitcoin Core
+- 2020-06-08 Calin Culianu publicly discloses the vulnerability on the original PR which introduced the quadratic behaviour
+- 2020-06-09 Pieter Wuille opens PR [#19219](https://github.com/bitcoin/bitcoin/pull/19219) which fixes both the unbounded memory usage and the quadratic behaviour
+- 2020-06-16 Luke Dashjr gets assigned CVE-2020-14198 for this vulnerability after his request
+- 2020-07-07 Pieter's PR is merged
+- 2020-08-01 Bitcoin Core 0.20.1 is released with the fix
+- 2021-01-14 Bitcoin Core 0.21.0 is released with the fix
+- 2022-04-25 The last vulnerable Bitcoin Core version (0.20.0) goes EOL
+- 2024-07-03 (Official) Public Disclosure
+
+{% include references.md %}