Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core 0.21.0 vulnerabilities.
This continues our previous discussion in Episode 4 on pre-0.21.0 Bitcoin Core Vulnerabilities.
- 0:00 - Introduction
- 1:07 - Background on Bitcoin peer-to-peer address relay
- 4:30 - Bitcoin Core’s AddrMan (address manager) data structure
- 5:37 - Disclosure of remote crash due to addr message spam
- 8:51 - Address spamming observed on the network
- 10:57 - Bitcoin Core #22387 PR to fix addr message spam
- 13:46 - Background on Miniupnp, the UPnP library used by Bitcoin Core
- 15:18 - The bug in Miniupnpc
- 16:33 - Disclosure of the impact of an infinite loop bug in the miniupnp dependency
- 17:50 - Bitcoin Core #20421 PR to fix the infinite loop bug in the miniupnp dependency
- 18:46 - Lessons learned
Keep in touch
Subscribe to The Bitcoin Development Podcast:
Subscribe to the Brink newsletter for our blog posts.