What is Nostr?
alicexbt [ARCHIVE] /
npub1w30…zhn2
2023-06-07 23:21:42
in reply to nevent1q…un6m

alicexbt [ARCHIVE] on Nostr: 📅 Original date posted:2023-05-08 🗒️ Summary of this message: A vulnerability ...

📅 Original date posted:2023-05-08
🗒️ Summary of this message: A vulnerability in Bitcoin Core was reported publicly on GitHub, but the author suggests it should have been reported privately as a potential security issue.
📝 Original message:Hi Bitcoin Developers,

There is an open issue in bitcoin core repository which was created last week: https://github.com/bitcoin/bitcoin/issues/27586

I think this should have been reported privately as vulnerability instead of creating a GitHub issue even if it worked only in debug mode. Some users in the comments have also experienced similar issues without debug build used for bitcoind. I have not noticed any decline in the number of listening nodes on bitnodes.io in last 24 hours so I am assuming this is not an issue with majority of bitcoin core nodes. However, things could have been worse and there is nothing wrong in reporting something privately if there is even 1% possibility of it being a vulnerability. I had recently reported something to LND security team based on a closed issue on GitHub which eventually was not considered a vulnerability: https://github.com/lightningnetwork/lnd/issues/7449

In the CPU usage issue, maybe the users can run bitcoind with bigger mempool or try other things shared in the issue by everyone.

This isn't the first time either when vulnerability was reported publicly: https://gist.github.com/chjj/4ff628f3a0d42823a90edf47340f0db9 and this was even exploited on mainnet which affected some projects.

This email is just a request to consider the impact of any vulnerability if gets exploited could affect lot of things. Even the projects with no financial activity involved follow better practices.

/dev/fd0
floppy disk guy

Sent with [Proton Mail](https://proton.me/) secure email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230509/c664f3f5/attachment-0001.html>;
Author Public Key
npub1w30zwgl8947760cd62fawy9hqmxnq24cga5c8s5j6j7m07w96dnqzjzhn2