{"id":"CVE-2018-17145","details":"Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.","aliases":["GHSA-hx3r-jv9q-85jw"],"modified":"2026-04-10T04:09:48.901068Z","published":"2020-09-10T17:15:25.767Z","references":[{"type":"ADVISORY","url":"https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"},{"type":"ADVISORY","url":"https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"},{"type":"ADVISORY","url":"https://invdos.net"},{"type":"EVIDENCE","url":"https://invdos.net/paper/CVE-2018-17145.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bcoin-org/bcoin","events":[{"introduced":"0"},{"fixed":"58ea98dadbbbcc2066a1d4c946cea28f1d2f942b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.0.2"}]}},{"type":"GIT","repo":"https://github.com/btcsuite/btcd","events":[{"introduced":"0"},{"last_affected":"486429888449e8834208f718823b073816a1977e"},{"introduced":"0"},{"last_affected":"7eb9deee35eac318ade87d48b6513a8f414c785d"},{"introduced":"0"},{"last_affected":"1e93cdad6ec9bae8513b992bd5a0a397eb9c195b"},{"introduced":"0"},{"last_affected":"3108b944017b14a3c5863ed1401f1a2471907d84"},{"introduced":"0"},{"last_affected":"bbc3c1cf7ee153b854f5b51188911e2dce53352e"},{"introduced":"0"},{"last_affected":"d8ec5bd33cfc538a6bfdeb4821c29529088e1d48"},{"introduced":"0"},{"last_affected":"7cfef69f23771d45d52dd2860458a27a45820737"},{"introduced":"0"},{"last_affected":"40cdacde23c81f73a0552cfef68dd4736aa47aef"},{"introduced":"0"},{"last_affected":"7b0116dfd048745caa13e52e30eb0cd906318271"},{"introduced":"0"},{"last_affected":"02647404faa798388cb1bfc913f2c9a5a9dc4c30"},{"introduced":"0"},{"last_affected":"cfefe14153eeb37b4719cecf91c764ca66eaffee"},{"introduced":"0"},{"last_affected":"177f09ba00534415054c2e9bb37104cf5d9616c0"},{"introduced":"0"},{"last_affected":"d12b3a144c08994734107a57dfe6462a66b0f495"},{"introduced":"0"},{"last_affected":"cea5d3c1cc16eb07a1686c557db23004655ae11b"},{"introduced":"0"},{"last_affected":"a41498d578a99c1619037746abd916176ea61052"},{"introduced":"0"},{"last_affected":"f3ec13030e4e828869954472cbc51ac36bee5c1d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.3.0-alpha"},{"introduced":"0"},{"last_affected":"0.3.1-alpha"},{"introduced":"0"},{"last_affected":"0.3.2-alpha"},{"introduced":"0"},{"last_affected":"0.3.3-alpha"},{"introduced":"0"},{"last_affected":"0.4.0-alpha"},{"introduced":"0"},{"last_affected":"0.5.0-alpha"},{"introduced":"0"},{"last_affected":"0.6.0-alpha"},{"introduced":"0"},{"last_affected":"0.7.0-alpha"},{"introduced":"0"},{"last_affected":"0.8.0-beta"},{"introduced":"0"},{"last_affected":"0.9.0-beta"},{"introduced":"0"},{"last_affected":"0.10.0-beta"},{"introduced":"0"},{"last_affected":"0.11.0-beta"},{"introduced":"0"},{"last_affected":"0.11.1-beta"},{"introduced":"0"},{"last_affected":"0.12.0-beta"},{"introduced":"0"},{"last_affected":"0.20.0-beta"},{"introduced":"0"},{"last_affected":"0.20.1-beta"}]}},{"type":"GIT","repo":"https://github.com/decred/dcrd","events":[{"introduced":"0"},{"fixed":"8e04ae7c545abbee5871921b513316cb9f8ac46f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.5.2"}]}},{"type":"GIT","repo":"https://github.com/litecoin-project/litecoin","events":[{"introduced":"514e0681d6ca6bc17a8726dc8b28a3f1eab623f1"},{"fixed":"eba0e1ca3fb4088998461b02ec6831858cc24144"},{"introduced":"514e0681d6ca6bc17a8726dc8b28a3f1eab623f1"},{"fixed":"eba0e1ca3fb4088998461b02ec6831858cc24144"},{"introduced":"514e0681d6ca6bc17a8726dc8b28a3f1eab623f1"},{"fixed":"eba0e1ca3fb4088998461b02ec6831858cc24144"},{"introduced":"514e0681d6ca6bc17a8726dc8b28a3f1eab623f1"},{"fixed":"eba0e1ca3fb4088998461b02ec6831858cc24144"}],"database_specific":{"versions":[{"introduced":"0.16.0"},{"fixed":"0.16.2"},{"introduced":"0.16.0"},{"fixed":"0.16.2"},{"introduced":"0.16.0"},{"fixed":"0.16.2"},{"introduced":"0.16.0"},{"fixed":"0.16.2"}]}}],"versions":["BTCD_0_10_0_BETA","BTCD_0_11_0_BETA","BTCD_0_11_1_BETA","BTCD_0_12_0_BETA","BTCD_0_3_0_ALPHA","BTCD_0_3_1_ALPHA","BTCD_0_3_2_ALPHA","BTCD_0_3_3_ALPHA","BTCD_0_4_0_ALPHA","BTCD_0_5_0_ALPHA","BTCD_0_6_0_ALPHA","BTCD_0_7_0_ALPHA","BTCD_0_8_0_BETA","BTCD_0_9_0_BETA","addrmgr/v1.0.0","addrmgr/v1.0.1","addrmgr/v1.0.2","addrmgr/v1.1.0","bech32/v1.0.0","blockchain/stake/v1.0.0","blockchain/stake/v1.0.1","blockchain/stake/v1.0.2","blockchain/stake/v1.1.0","blockchain/stake/v1.2.0","blockchain/stake/v2.0.0","blockchain/stake/v2.0.1","blockchain/stake/v2.0.2","blockchain/standalone/v1.0.0","blockchain/standalone/v1.1.0","blockchain/v1.0.0","blockchain/v1.0.1","blockchain/v1.0.2","blockchain/v1.1.0","blockchain/v1.1.1","blockchain/v1.2.0","blockchain/v2.0.0","blockchain/v2.0.1","blockchain/v2.0.2","blockchain/v2.1.0","certgen/v1.0.0","certgen/v1.0.1","certgen/v1.0.2","certgen/v1.1.0","chaincfg/chainhash/v1.0.0","chaincfg/chainhash/v1.0.1","chaincfg/chainhash/v1.0.2","chaincfg/v1.0.0","chaincfg/v1.0.1","chaincfg/v1.1.0","chaincfg/v1.1.1","chaincfg/v1.2.0","chaincfg/v1.2.1","chaincfg/v1.3.0","chaincfg/v1.4.0","chaincfg/v1.5.0","chaincfg/v2.0.0","chaincfg/v2.0.1","chaincfg/v2.0.2","chaincfg/v2.1.0","chaincfg/v2.2.0","chaincfg/v2.3.0","connmgr/v1.0.0","connmgr/v1.0.1","connmgr/v1.0.2","connmgr/v1.1.0","connmgr/v2.0.0","connmgr/v2.1.0","crypto/blake256/v1.0.0","crypto/ripemd160/v1.0.0","database/v1.0.0","database/v1.0.1","database/v1.0.2","database/v1.0.3","database/v1.1.0","database/v2.0.0","database/v2.0.1","dcrec/edwards/v1.0.0","dcrec/edwards/v2.0.0","dcrec/secp256k1/v1.0.0","dcrec/secp256k1/v1.0.1","dcrec/secp256k1/v1.0.2","dcrec/secp256k1/v2.0.0","dcrec/v1.0.0","dcrjson/v1.0.0","dcrjson/v1.1.0","dcrjson/v1.2.0","dcrjson/v2.0.0","dcrjson/v2.1.0","dcrjson/v3.0.0","dcrjson/v3.0.1","dcrutil/v1.0.0","dcrutil/v1.1.0","dcrutil/v1.1.1","dcrutil/v1.2.0","dcrutil/v1.3.0","dcrutil/v2.0.0","dcrutil/v2.0.1","fees/v1.0.0","fees/v2.0.0","gcs/v1.0.0","gcs/v1.0.1","gcs/v1.0.2","gcs/v1.1.0","gcs/v2.0.0","gcs/v2.0.1","hdkeychain/v1.0.0","hdkeychain/v1.1.0","hdkeychain/v1.1.1","hdkeychain/v2.0.0","hdkeychain/v2.0.1","hdkeychain/v2.1.0","lru/v1.0.0","mempool/v1.0.0","mempool/v1.0.1","mempool/v1.1.0","mempool/v1.1.1","mempool/v1.2.0","mempool/v2.0.0","mempool/v2.1.0","mempool/v3.0.0","mempool/v3.1.0","mining/v1.0.0","mining/v1.0.1","mining/v1.1.0","mining/v1.1.1","mining/v2.0.0","mining/v2.0.1","peer/v1.0.0","peer/v1.0.1","peer/v1.1.0","peer/v1.2.0","peer/v2.0.0","peer/v2.1.0","release-v1.2.0","release-v1.3.0-rc1","release-v1.4.0-rc1","release-v1.5.0","release-v1.5.0-rc1","release-v1.5.0-rc2","release-v1.5.1","release-v1.5.1-rc1","rpc/jsonrpc/types/v1.0.0","rpc/jsonrpc/types/v2.0.0","rpcclient/v1.0.0","rpcclient/v1.0.1","rpcclient/v1.0.2","rpcclient/v1.1.0","rpcclient/v2.0.0","rpcclient/v2.1.0","rpcclient/v3.0.0","rpcclient/v4.0.0","rpcclient/v5.0.0","txscript/v1.0.0","txscript/v1.0.1","txscript/v1.0.2","txscript/v1.1.0","txscript/v2.0.0","txscript/v2.1.0","v0.0.10","v0.0.2","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.0.9","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.10.0","v0.11.0","v0.11.1","v0.12.0","v0.12.1","v0.13.0","v0.14.0","v0.14.1","v0.14.2","v0.14.3","v0.14.4","v0.15.0","v0.2.0","v0.20.0-beta","v0.20.1-beta","v0.3.0","v0.3.1","v0.3.2","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.5.0","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.8.0","v0.8.2","v0.9.0","v0.9.1","v0.9.2","v0.9.3","v1.0.0","v1.0.0-beta","v1.0.0-beta.1","v1.0.0-beta.10","v1.0.0-beta.11","v1.0.0-beta.12","v1.0.0-beta.13","v1.0.0-beta.14","v1.0.0-beta.15","v1.0.0-beta.2","v1.0.0-beta.3","v1.0.0-beta.4","v1.0.0-beta.5","v1.0.0-beta.6","v1.0.0-beta.7","v1.0.0-beta.8","v1.0.0-beta.9","v1.0.1","v1.0.3","v1.0.5","v1.0.7","v1.0.8","v1.1.0","v1.1.2","v1.2.0","v1.2.0-rc1","v1.2.0-rc2","wire/v1.0.0","wire/v1.0.1","wire/v1.1.0","wire/v1.2.0","wire/v1.3.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.13.0-beta"}]},{"events":[{"introduced":"0"},{"last_affected":"0.13.0-beta2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17145.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}