CVE-2021-3401

9.8 CRITICAL

📋 TL;DR

Bitcoin Core before 0.19.0 might allow remote code execution when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, for example an x-scheme-handler/bitcoin .desktop handler or a web browser dispatching bitcoin: URIs. Qt loads platform plugins (shared libraries) from the directory named by that argument, so whoever controls the argument controls code loaded into the bitcoin-qt process. The discoverer notes uncertainty about whether this is exploitable in practice.

💻 Affected Systems

Products:
  • Bitcoin Core
Versions: All versions before 0.19.0
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ✅ No
Notes: Requires a specific unsafe configuration in which another application passes the -platformpluginpath argument to bitcoin-qt, typically a .desktop file registered for x-scheme-handler/bitcoin or a web browser's bitcoin: URI handling. The headless bitcoind is not affected because it does not use Qt.

📦 What is this software?

Bitcoin Core is the reference implementation of the Bitcoin protocol: a full node that validates blocks and transactions and includes a wallet. It ships two front ends, bitcoind (a headless daemon driven over JSON-RPC, usually with bitcoin-cli) and bitcoin-qt (a Qt desktop GUI). Only the Qt GUI is relevant here, because -platformpluginpath is an argument parsed by Qt itself, not by Bitcoin Core's own option handling.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code loaded through -platformpluginpath runs inside the bitcoin-qt process, so an attacker would gain arbitrary code execution as the user running the wallet: full compromise of that account, theft of wallet keys and funds, or installation of malware.

🟠

Likely Case

Limited. Exploitation needs a URI handler or other launcher that forwards an attacker-controlled -platformpluginpath to bitcoin-qt, and the discoverer doubted this occurs in practice. A failed attempt most likely leaves bitcoin-qt unable to start (Qt cannot find a usable platform plugin in the supplied directory), i.e. a denial of service against the GUI rather than code execution.

🟢

If Mitigated

No impact when running Bitcoin Core 0.19.0 or later, or when every bitcoin: URI handler invokes bitcoin-qt with nothing but the URI itself and never forwards extra arguments.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

The vulnerability requires specific conditions and the original discoverer expressed doubts about actual exploitability. No known public exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.19.0 and later

Vendor Advisory: https://github.com/bitcoin/bitcoin/security/advisories/GHSA-5v2v-7v9m-8c5h

Restart Required: Yes

Instructions:

1. Download Bitcoin Core 0.19.0 or later from bitcoincore.org (or bitcoin.org) and verify the archive against the signed SHA256SUMS file published with the release before installing it.
2. Stop the running Bitcoin Core application (close bitcoin-qt, or run bitcoin-cli stop for bitcoind).
3. Install the new version.
4. Restart Bitcoin Core.

🔧 Temporary Workarounds

Disable unsafe URI handlers

all

Make sure every handler registered for x-scheme-handler/bitcoin (desktop entries and browser protocol handlers) invokes bitcoin-qt with nothing but the URI, as in the Exec=bitcoin-qt %u form Bitcoin Core ships, and never forwards additional words such as -platformpluginpath. If a handler cannot be audited, unregister it.

Use command-line interface only

all

Run bitcoind (driven with bitcoin-cli) instead of the bitcoin-qt GUI; bitcoind does not link Qt and therefore never parses -platformpluginpath.

🧯 If You Can't Patch

  • Isolate Bitcoin Core systems from untrusted networks and applications
  • Implement strict application whitelisting to prevent unauthorized applications from interacting with Bitcoin Core

🔍 How to Verify

Check if Vulnerable:

Check the Bitcoin Core version with bitcoin-qt --version or bitcoind --version. If the version is below 0.19.0 the installation is affected; whether it is actually exploitable also depends on how bitcoin: URI handlers on the host invoke bitcoin-qt.

Check Version:

bitcoin-qt --version || bitcoind --version

Verify Fix Applied:

After updating, verify version is 0.19.0 or higher using bitcoin-qt --version or bitcoind --version.
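The version check and the URI-handler workaround above turned into a script, as an added shell example that is not part of this page or of Bitcoin Core's own tooling. It assumes POSIX sh on Linux, that --version banners look like "Bitcoin Core version v0.18.1", that the bitcoin: handler is the .desktop file named by xdg-mime query default x-scheme-handler/bitcoin, and, as a deliberately conservative policy of this example only, that an Exec= line is safe solely when it is the bitcoin-qt binary followed by a single %u. Run it with --live to audit the current host; without arguments it exercises the checks on constructed sample inputs.

```shell
#!/bin/sh
# Added example, not Bitcoin Core tooling. Assumes POSIX sh, Linux desktop
# conventions (xdg-mime, .desktop files) and the banner formats noted below.

# Extract "MAJOR.MINOR[.PATCH]" from a --version banner such as
# "Bitcoin Core version v0.18.1" or "Bitcoin Core version v22.0.0".
core_version() {
  printf '%s\n' "$1" | sed -n '1s/.*[vV]\([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) when the banner's version is strictly below 0.19.0.
# Exit 2 when no version could be parsed, so callers can treat it as unknown.
is_vulnerable_version() {
  v=$(core_version "$1")
  [ -n "$v" ] || return 2
  case $v in
    *.*) maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*} ;;
    *)   maj=$v; min=0 ;;
  esac
  [ "$maj" -eq 0 ] && [ "$min" -lt 19 ]
}

# Conservative policy (an assumption of this example): an Exec= line is safe
# only if it is the bitcoin-qt binary plus at most one %u field code. Anything
# mentioning platformpluginpath, multi-value field codes (%U %F %f), wrapper
# commands or extra words is flagged for manual review.
check_exec_line() {
  case $1 in
    *platformpluginpath*) return 1 ;;
    *'%U'*|*'%F'*|*'%f'*) return 1 ;;
  esac
  rest=$(printf '%s\n' "$1" | sed -e 's/^[^ ]*bitcoin-qt *//' -e 's/%u *//')
  [ -z "$rest" ]
}

# Live audit of this host: version banner plus the registered bitcoin: handler.
audit_host() {
  banner=$(bitcoin-qt --version 2>/dev/null || bitcoind --version 2>/dev/null) \
    || { echo "Bitcoin Core not found on PATH"; return 2; }
  if is_vulnerable_version "$banner"; then
    echo "VULNERABLE: version $(core_version "$banner") is below 0.19.0"
  else
    echo "OK: version $(core_version "$banner")"
  fi
  handler=$(xdg-mime query default x-scheme-handler/bitcoin 2>/dev/null)
  [ -n "$handler" ] || { echo "no bitcoin: URI handler registered"; return 0; }
  for dir in "$HOME/.local/share/applications" /usr/local/share/applications /usr/share/applications; do
    f="$dir/$handler"
    [ -f "$f" ] || continue
    exec_line=$(sed -n 's/^Exec=//p' "$f" | head -n 1)
    if check_exec_line "$exec_line"; then
      echo "handler $f: Exec=$exec_line (ok)"
    else
      echo "handler $f: Exec=$exec_line (FLAGGED, review manually)"
    fi
    return 0
  done
  echo "handler $handler registered but no .desktop file found"
}

if [ "${1:-}" = "--live" ]; then
  audit_host
else
  # Constructed sample inputs, not output captured from a real host.
  for b in "Bitcoin Core version v0.18.1" "Bitcoin Core version v0.19.0" "Bitcoin Core version v22.0.0"; do
    if is_vulnerable_version "$b"; then echo "$b -> below 0.19.0"; else echo "$b -> fixed"; fi
  done
  for e in "/usr/bin/bitcoin-qt %u" "bitcoin-qt -platformpluginpath /tmp/plugins %u" "bitcoin-qt %U"; do
    if check_exec_line "$e"; then echo "Exec=$e -> ok"; else echo "Exec=$e -> FLAGGED"; fi
  done
fi
```

The version comparison deliberately avoids sort -V so it also works on minimal shells; the handler policy errs toward false positives, which is the right trade-off for a one-off audit of a wallet host.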

📡 Detection & Monitoring

Log Indicators:

  • bitcoin-qt started with -platformpluginpath on its command line, or started by a browser or URI dispatcher with arguments other than a single bitcoin: URI
  • Qt start-up failures of the "could not find or load the Qt platform plugin" kind, which is what a -platformpluginpath pointing at a directory without a valid platform plugin produces
  • Failed or unexpected x-scheme-handler/bitcoin invocations

Network Indicators:

  • Unusual network connections originating from Bitcoin Core process

SIEM Query:

process_name:bitcoin-qt AND (command_line:*platformpluginpath* OR parent_process:*desktop* OR parent_process:*browser*)
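The SIEM query above as runnable detection logic, added here as an example that is not from the original page or from any vendor. It assumes a constructed, simplified process-creation event format (one event per line with parent=, proc= and cmd="..." fields); the list of parent processes treated as browsers or URI dispatchers is an assumption to adapt to your environment, and the sample events are made up.

```shell
#!/bin/sh
# Added example, not vendor content. Event format and parent-process list are
# assumptions; adapt the awk field extraction to your SIEM's export format.

# Constructed sample events (not real logs), one per line.
SAMPLE_EVENTS='ts=2021-02-01T10:00:01Z host=ws1 parent=systemd proc=bitcoind cmd="bitcoind -daemon"
ts=2021-02-01T10:02:13Z host=ws1 parent=gnome-shell proc=bitcoin-qt cmd="bitcoin-qt"
ts=2021-02-01T10:05:40Z host=ws1 parent=firefox proc=bitcoin-qt cmd="bitcoin-qt bitcoin:bc1qexampleaddress?amount=0.01"
ts=2021-02-01T10:07:02Z host=ws1 parent=xdg-open proc=bitcoin-qt cmd="bitcoin-qt -platformpluginpath /tmp/plugins bitcoin:bc1qexampleaddress"
ts=2021-02-01T10:09:11Z host=ws2 parent=bash proc=bitcoin-qt cmd="bitcoin-qt --platformpluginpath /opt/qt/plugins"'

# scan_events EVENTS [list|count|high]
#   list  : print each hit as "SEVERITY reason | event"
#   count : print the number of hits (HIGH + INFO)
#   high  : print the number of HIGH hits only
# Logic: process is bitcoin-qt AND (cmd contains -platformpluginpath or
# --platformpluginpath, which Qt accepts in both spellings  -> HIGH;
# OR parent is a browser / URI dispatcher -> INFO, worth correlating).
scan_events() {
  printf '%s\n' "$1" | awk -v mode="${2:-list}" '
    /proc=bitcoin-qt( |$)/ {
      cmd = ""; parent = ""; sev = ""
      if (match($0, /cmd="[^"]*"/))  cmd = substr($0, RSTART + 5, RLENGTH - 6)
      if (match($0, /parent=[^ ]+/)) parent = substr($0, RSTART + 7, RLENGTH - 7)
      if (cmd ~ /(^|[ ])--?platformpluginpath/) {
        sev = "HIGH platformpluginpath passed to bitcoin-qt"; high++
      } else if (parent ~ /^(firefox|chromium|chrome|brave|xdg-open|gio)$/) {
        sev = "INFO bitcoin-qt launched by browser or URI dispatcher"
      }
      if (sev != "") { hits++; if (mode == "list") print sev " | " $0 }
    }
    END {
      if (mode == "count") print hits + 0
      else if (mode == "high") print high + 0
    }'
}

# Stand-alone demo over the constructed events.
scan_events "$SAMPLE_EVENTS" list
echo "hits: $(scan_events "$SAMPLE_EVENTS" count), high: $(scan_events "$SAMPLE_EVENTS" high)"
```

Matching on the extracted cmd field rather than the whole line keeps a parent or host name that happens to contain "platformpluginpath" from producing a HIGH; the INFO tier exists because a browser-launched bitcoin-qt with only a bitcoin: URI is normal and should be correlated, not paged on.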
