SCA: security update for github.com/btcsuite/btcd (GHSA-27vh-h6mc-q6g8)

high Tenable Cloud Security Plugin ID 408779

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client
(versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality.
This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to
btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be
leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd
nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete
doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain
split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require
any hash power. This is because the difference in behavior can be triggered by a "standard" Bitcoin
transaction, that is a transaction which gets relayed through the P2P network before it gets included in a
Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from
`script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example,
with `script = "<data> <data||foo>"` and `dataToRemove = "data"` btcd will remove both data pushes but
Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version
v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue. (CVE-2024-38365)

See Also

https://github.com/advisories/GHSA-27vh-h6mc-q6g8

Plugin Details

Severity: High

ID: 408779

Version: Revision 1.19

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.23

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS Score Source: CVE-2024-38365

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.3

Threat Score: 4.9

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 10/10/2024

Vulnerability Publication Date: 10/10/2024

Reference Information

CVE: CVE-2024-38365

cwe: CWE-670