CVE-2021-3195 Improper Input Validation of Dumpwallet (19th Mar 2021)

Preface: In 2020, the public wondered whether Bitcoin might die. In fact, its performance has been strong.

Background: The dumpwallet RPC dumps all wallet keys in a human-readable format to a server-side file. When you use dumpwallet, you should expect to see several thousand lines. If you have not imported any scripts, you should have the same number of key lines as script lines.
This is because each key has a segwit script. SegWit is the process by which the block size limit on a blockchain is increased by removing signature data from bitcoin transactions. BIP173 is a way to encode segwit transaction outputs. If you have imported any scripts such as multisig scripts or addresses which are not yours, then you will see those scripts in the script lines as well.

Vulnerability details: Bitcoind is the Bitcoin Core daemon. A design weakness was found in dumpwallet. The bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call.

Impact: Arbitrary code execution is possible if the file is created. This increases the insider-threat risk level.

Status: No official announcement has been received stating that the bug has been fixed. For more details, please refer to: https://github.com/bitcoin/bitcoin/issues/20866
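Mitigation sketch: with no fix announced, one way to confine dumpwallet output on a node you operate is to check each JSON-RPC body before it reaches bitcoind. The following is an added example, not code from this post or from Bitcoin Core. The function names, the idea of an RPC-fronting proxy and the allowed directory are assumptions; `filename` is dumpwallet's argument name.

```python
import json
import os

def dumpwallet_targets(body):
    """Return the filename argument of every dumpwallet call in a JSON-RPC body."""
    doc = json.loads(body)
    calls = doc if isinstance(doc, list) else [doc]    # batch or single request
    targets = []
    for call in calls:
        if not isinstance(call, dict) or call.get("method") != "dumpwallet":
            continue
        params = call.get("params")
        if isinstance(params, dict):                   # named arguments
            targets.append(params.get("filename"))
        elif isinstance(params, list) and params:      # positional arguments
            targets.append(params[0])
        else:
            targets.append(None)                       # missing argument
    return targets

def path_is_confined(filename, allowed_dir):
    """True only if filename is absolute and resolves strictly inside allowed_dir."""
    if not isinstance(filename, str) or not os.path.isabs(filename):
        return False
    root = os.path.realpath(allowed_dir)
    resolved = os.path.realpath(filename)              # collapses '..' and symlinks
    return resolved != root and os.path.commonpath([root, resolved]) == root

def allow_request(body, allowed_dir):
    """Gate decision for one RPC body: reject if any dumpwallet path escapes."""
    try:
        targets = dumpwallet_targets(body)
    except ValueError:
        return False                                   # unparseable body: fail closed
    return all(path_is_confined(t, allowed_dir) for t in targets)

if __name__ == "__main__":
    # Constructed sample requests; the directory is a hypothetical dump location.
    allowed = "/var/lib/bitcoin-dumps"
    samples = (
        b'{"method":"dumpwallet","params":["/var/lib/bitcoin-dumps/w1.txt"]}',
        b'{"method":"dumpwallet","params":["/var/lib/bitcoin-dumps/../x.txt"]}',
        b'{"method":"dumpwallet","params":{"filename":"dump.txt"}}',
    )
    for body in samples:
        print(allow_request(body, allowed), body.decode())
```

Comparing resolved paths with `os.path.commonpath` rather than a string prefix keeps a sibling directory whose name merely starts with the allowed directory's name from passing the check.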
