Bitcoin Q&A: CVE-2018-17144 vulnerability




What is the CVE-2018-17144 vulnerability in the Bitcoin Core client? How did such a critical bug happen? What should we do about it?

Please see the following about upgrading your node to the latest release; alternatively you can find various backported releases with the vulnerability fixed: https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2018-October/000068.html

This question is from the September monthly Patreon session, which took place on September 29th 2018. If you want early access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: https://www.patreon.com/aantonop

RELATED:
Advanced Bitcoin Scripting, Part 1: Transactions and Multisig – https://youtu.be/8FeAXjkmDcQ
Advanced Bitcoin Scripting, Part 2: SegWit, Consensus, and Trustware – https://youtu.be/pQbeBduVQ4I
Migrating to post-quantum cryptography
What is a private key? – https://youtu.be/xxfUpIV9wRI
Public keys vs. addresses – https://youtu.be/8es3qQWkEiU
Protocol development security – https://youtu.be/4fsL5XWsTJ4
Software distribution security – https://youtu.be/_V0vqy046YM
Lightning’s security model – https://youtu.be/_GNsT_ufkec
Misconceptions about the Lightning Network – https://youtu.be/c4TjfaLgzj4
Eltoo, and the early days of Lightning – https://youtu.be/o6eFZ5aI9N0
Lightning Network scaling – https://youtu.be/4KiWkwo48k0
Lightning Network interoperability – https://youtu.be/1HYMWcJHGXc
Lightning Network game theory – https://youtu.be/7if0DuTtozY
Atomic swaps – https://youtu.be/fNFBA2UmUmg
Full node and home network security – https://youtu.be/uo58zmyXqFY
Running nodes and payment channels – https://youtu.be/ndcfBfE_yoY
What is Segregated Witness (SegWit)? – https://youtu.be/dtOjjB4mD8k
SegWit and fork research – https://youtu.be/OorLoi01KEE

Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin.

Follow on Twitter: @aantonop https://twitter.com/aantonop
Website: https://antonopoulos.com/

He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters.

Subscribe to the channel to learn more about Bitcoin & open blockchains; click on the red bell to enable notifications about new videos!

MASTERING BITCOIN, 2nd Edition: https://amzn.to/2xcdsY9

Translations of MASTERING BITCOIN: https://bitcoinbook.info/translations-of-mastering-bitcoin/

THE INTERNET OF MONEY, v1: https://amzn.to/2ykmXFs

THE INTERNET OF MONEY, v2: https://amzn.to/2IIG5BJ

Translations of THE INTERNET OF MONEY:
Spanish, ‘Internet del Dinero’ (v1) – https://amzn.to/2yoaTTq
French, ‘L’internet de l’argent’ (v1) – https://www.amazon.fr/Linternet-largent-Andreas-M-Antonopoulos/dp/2856083390
Russian, ‘Интернет денег’ (v1) – https://www.olbuss.ru/catalog/ekonomika-i-biznes/korporativnye-finansy-bankovskoe-delo/internet-deneg
Vietnamese, ‘Internet Của Tiền Tệ’ (v1) – https://alphabooks.vn/khi-tien-len-mang

MASTERING ETHEREUM (Q4): https://amzn.to/2xdxmlK

Music: “Unbounded” by Orfan (https://www.facebook.com/Orfan/)
Outro Graphics: Phneep (http://www.phneep.com/)
Outro Art: Rock Barcellos (http://www.rockincomics.com.br/)


About the Author: aantonop

19 Comments

  1. I got a question. What would happen if a government decided to throw billions of dollars to build a mining farm? How hard would it be for, say, the US to throw a trillion dollars at a mining farm to make themselves above the 50% of the network? What is in place to make sure that doesn't change bitcoin? Uncle Sam spends billions if not trillions just to spy on us; what happens if they turn that against bitcoin?

  2. BCH dev found it; even divided, Bitcoin is still the most anti-fragile thing that exists. Financial tribal animosity of some prominent bitcoiners is counterproductive.

  3. Andreas is my hero but I don't think his closing remarks were right. He said this didn't kill Bitcoin; it only made it stronger. Um, yeah but that's because the bug wasn't exploited. Imagine if the programmer that discovered it quietly took it to Chase Bank CEO Jamie Dimon. Andreas could have conceded we almost saw Bitcoin go to zero.

  4. Wouldn't test driven development (TDD) with solid code coverage have exposed this bug when the associated optimization was introduced? Do C++ programmers just not have TDD in their culture?
