Controversial Bitcoin Ordinals-related bug added to U.S. National Vulnerability Database


The U.S. National Vulnerability Database (NVD), a central repository for cybersecurity threats, has hosted a page concerning an alleged bug related to Bitcoin inscriptions as of Dec. 9.

Inscriptions, a fundamental aspect of a Bitcoin feature known as Ordinals, allow for the creation of digital collectibles similar to non-fungible tokens (NFTs), a feature that was not possible on Bitcoin before a key upgrade in January 2023.

The U.S. National Vulnerability Database (NVD) is a pivotal resource for cybersecurity, particularly relevant for crypto-natives concerned about digital asset security. Managed by the National Institute of Standards and Technology, the NVD catalogs software and hardware vulnerabilities, providing detailed information and severity ratings. Its integration with cybersecurity tools aids in real-time threat assessment, a crucial factor for the constantly evolving blockchain and cryptocurrency sector.

The NVD page directly quotes an earlier GitHub advisory. Both pages state that it is possible to bypass Bitcoin’s data carrier size limit by obfuscating data as code. They also state that the vulnerability was “exploited in the wild by Inscriptions in 2022 and 2023.”

The government database additionally classifies the issue as 5.3 or “medium” risk on its CVSS 3.x Severity and Metrics scale. A link to the official Bitcoin Wiki indicates that the issue is easy to exploit but is a denial-of-service (DoS) risk, which implies that Bitcoin wallet balances are not directly at risk.

The fact that the NVD lists the bug does not mean that the U.S. government recognizes the bug; rather, the site accepts reports from external users. The NIST also states it does not endorse external links that describe the vulnerability.

Database cites Luke Dashjr’s original complaint

One of the pages cited by the NVD database is a comment from Bitcoin Core developer Luke Dashjr, who warned of Ordinals-related spam on Dec. 6. He said:

“PSA: ‘Inscriptions’ are exploiting a vulnerability in Bitcoin Core to spam the blockchain. Bitcoin Core has, since 2013, allowed users to set a limit on the size of extra data in transactions they relay or mine (`-datacarriersize`). By obfuscating their data as program code, Inscriptions bypass this limit.”

He added that the vulnerability had been labeled CVE-2023-50428, though the relevant GitHub page indicates that the submission is unreviewed as of Dec. 11.
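
The distinction at the center of the report, between data in an OP_RETURN output (what `-datacarriersize` has historically applied to) and data pushed inside script code that never executes, can be measured by walking the script. The Python below is an added example, not code from the article, the advisory or Bitcoin Core; the opcode walker is simplified, the function names are hypothetical, and both sample scripts are constructed.

```python
# Added example: simplified script walker, not Bitcoin Core's policy code.
OP_0, OP_IF, OP_NOTIF, OP_ELSE, OP_ENDIF = 0x00, 0x63, 0x64, 0x67, 0x68
OP_RETURN, OP_CHECKSIG = 0x6A, 0xAC
LEN_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 length-field widths

def parse(script: bytes):
    """Return [(opcode, pushed_data)]; raise ValueError on a truncated push."""
    ops, i = [], 0
    while i < len(script):
        op, size = script[i], 0
        i += 1
        if 1 <= op <= 0x4B:                      # direct push of `op` bytes
            size = op
        elif op in LEN_WIDTH:                    # length-prefixed push
            width = LEN_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        if i + size > len(script):
            raise ValueError("truncated push data")
        ops.append((op, script[i:i + size]))
        i += size
    return ops

def op_return_bytes(script: bytes) -> int:
    """Bytes pushed after a leading OP_RETURN (0 for any other script)."""
    ops = parse(script)
    return sum(len(d) for _, d in ops[1:]) if ops and ops[0][0] == OP_RETURN else 0

def dead_branch_bytes(script: bytes) -> int:
    """Bytes pushed inside OP_FALSE OP_IF ... OP_ENDIF, a branch that never runs."""
    total, depth, prev = 0, 0, None
    for op, data in parse(script):
        if depth and op in (OP_IF, OP_NOTIF):
            depth += 1                           # nested conditional, still dead
        elif depth and (op == OP_ENDIF or (op == OP_ELSE and depth == 1)):
            depth -= 1                           # OP_ELSE at depth 1 ends the dead part
        elif depth:
            total += len(data)
        elif op == OP_IF and prev == OP_0:
            depth = 1
        prev = op
    return total

# Constructed samples, not real transactions.
SAMPLE_OP_RETURN = bytes([OP_RETURN, 0x4C, 80]) + b"A" * 80
CHUNK = bytes([0x4D]) + (520).to_bytes(2, "little") + b"B" * 520
SAMPLE_WITNESS_SCRIPT = (bytes([32]) + b"\x02" * 32
                         + bytes([OP_CHECKSIG, OP_0, OP_IF]) + CHUNK * 3 + bytes([OP_ENDIF]))
```

On the constructed samples, the OP_RETURN script carries 80 bytes, while the witness script carries 1,560 bytes in its unexecuted branch, none of which a size check on OP_RETURN outputs would count.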

The vulnerability is controversial despite its…
