Lucene search
K

8 matches found

NVD
NVD
added 2026/05/15 5:16 p.m.46 views

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS0.0027EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 4:51 p.m.7 views

CVE-2026-44714 bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:51 p.m.6 views

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 5:43 p.m.42 views

GHSA-HFCF-V2F8-X9PC bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass

Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39293

Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/02 10:9 p.m.10 views

@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

6AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/02 10:9 p.m.7 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash in the P2SH check during deposit reveal. An attacker can cause protocol insolvency by crafting a transaction that embeds a valid P2SH inside a P2PKH output script, which is incorrectly treated as a valid P2SH output by...

8.7CVSS6AI score
Exploits0References2
OSV
OSV
added 2023/05/26 9:15 p.m.4 views

DEBIAN-CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

7.5CVSS6.7AI score0.02489EPSS
Exploits1References1
Rows per page
Query Builder