Back to Vulnerability database

Out-of-bounds read when importing corrupt blockchain with monero-blockchain-import

ID Submit date Publish date Author Score
1 10.29.2018 10.29.2018 Florian Kohnhäuser (ovrflow) 2.7

Decription

It is possible to trigger an out-of-bounds read in monero-blockchain-import when importing a corrupt blockchain and not verifying blocks and transitions during import (--verify 0). Using a corrupt import_file, the attacker has full control over buffer_block in import_from_file (blockchain_import.cpp). As txs as well as blk originate from the bootstrap::block_package bp generated in blockchain_import, they can be set to arbitrary values by the attacker. In particular, if bp is crafted such that bp.txs.size() > bp.block.tx_hashes.size(), then an out-of-bounds memory corruption happens in the for loop when accessing blk.tx_hashes. Since there is no actual tx, adding the tx will fail, and that should be it. Since this is local, there is no information leak. BVSS:1.1/B:N/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:L/AI:N

Component

Protocol

Platform

Monero

Subclass

Out-of-bounds Read

Comments