Fuller-Khan Paper Reveals Major Platforms Affected by the Out-of-Memory Vulnerability

The out-of-memory vulnerability was exploited on many platforms, including Bitcoin, Litecoin, Namecoin and Decred, using a Denial of Service (DoS) attack.
  • Research paper by Braydon Fuller and Javed Khan revealed the Bitcoin Inventory Out-of-Memory Denial-of-Service Attack
  • The vulnerability was first detected by Braydon Fuller back in 2018

A recent research paper by Braydon Fuller and Javed Khan revealed the Bitcoin Inventory Out-of-Memory Denial-of-Service Attack. The out-of-memory vulnerability was exploited on many platforms, including Bitcoin, Litecoin, Namecoin and Decred, using a Denial of Service (DoS) attack. Braydon Fuller is a software engineer at the cryptocurrency e-commerce website Purse and, on the other hand, is one of the co-developers of the Handshake protocol.

Fuller Found the First Vulnerability in 2018

The vulnerability was first detected by Braydon Fuller back in 2018 and, as per the report, was secretly fixed back in 2018. Then, on 26th June 2020, Javed discovered that the vulnerability was also present in the Btcd platform. Soon after, on Tuesday, July 7th, 2020, it was found that Dcrd was also affected by the vulnerability. The discovered vulnerability was reportedly submitted to the Decred Bug Bounty program. It was found that, at the time of discovery, the vulnerability affected more than 50% of the publicly advertised BTC nodes, the majority of which are expected to be miners and cryptocurrency exchanges.

List of the Affected Versions That Were and are Still Affected by the Vulnerability

The versions that included the vulnerability were Bitcoin Core v0.16.0, Bitcoin Core v0.16.1, Bitcoin Knots v0.16.0, all beta versions of Bcoin up to v1.0.0-pre, all versions of Btcd up to v0.20.1-beta, Litecoin Core v0.16.0, Namecoin Core v0.16.1, and all versions of Dcrd up to v1.5.1. These versions are still affected by the vulnerability. However, it was patched in the follow-up versions, including Bitcoin Core v0.16.2+, Bitcoin Knots v0.16.2+, Bcoin v1.0.2+, Btcd v0.21.0-beta+, Litecoin Core v0.16.2+, Namecoin v0.16.2+, and Dcrd v1.5.2+.

The Vulnerability Has a Severity of 7.8 and Could Potentially Lead to Hacking Activities

Other protocols like Zcash, Bitcoin ABC, Bitcoin Gold, Bitcoin Unlimited and Bitcoin XT were not affected by the vulnerability, as per the research. However, the vulnerability was ranked 7.8 on a scale of 1 to 10, which indicates that it was highly dangerous. This would mean that hackers can easily attack and steal funds from the nodes of the Open Lightning Network and may even cause delayed settlements. The vulnerability may be exploited in order to fork the entire blockchain.