You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We recently found and confirmed that BTCGPU Core in the **latest release ** (version 0.17.3) and earlier versions are affected by a remote code execution vulnerability in Qt5-based GUI apps. Specifically, the QApplication in Qt framework used by the BTCGPU GUI Program will parse Qt built-in arguments, such as -reverse and -platformpluginpath (see the document here).
For example, when you start the bitcoin-qt.exe program in command line and then append a built-in argument, such as -reverse, e.g., "C:\Program Files BitcoinGold\bitcoin-qt.exe" bitcoin:address -reverse, you will get a reverse BTCGPU GUI.
For more details, you may also refer to the following pages.
The vulnerable code in BTCGPU: src/qt/bitcoin.cpp, see line 285 to 292.
URI Argument Injection in BTCGPU-Qt
We recently found and confirmed that BTCGPU Core in the **latest release ** (version
0.17.3) and earlier versions are affected by a remote code execution vulnerability in Qt5-based GUI apps. Specifically, theQApplicationinQtframework used by the BTCGPU GUI Program will parseQt built-inarguments, such as-reverseand-platformpluginpath(see the document here).For example, when you start the
bitcoin-qt.exeprogram in command line and then append a built-in argument, such as-reverse, e.g.,"C:\Program Files BitcoinGold\bitcoin-qt.exe" bitcoin:address -reverse, you will get a reverse BTCGPU GUI.For more details, you may also refer to the following pages.
src/qt/bitcoin.cpp, see line 285 to 292.Reported by
de957ad9679f28a38f02f00cc7928bce8fb424882ff060a3c09c32895b1474cc.Attachment
The text was updated successfully, but these errors were encountered: