127 matches found
Design/Logic Flaw
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions...
Authentication flaw
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack...
CVE-2013-4165
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack...
CVE-2013-3219
CVE-2013-3219 affects bitcoind/Bitcoin-Qt 0.8.x prior to 0.8.1. The root cause is failure to enforce a block protocol rule, enabling remote attackers to bypass access restrictions and attempt double-spending via a large block that triggers incorrect Berkeley DB locking in older builds. Remediatio...
CVE-2013-3220
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service split an...
CVE-2013-3220
CVE-2013-3220 affects bitcoind/Bitcoin-Qt (and wxBitcoin) across multiple older branches, where blocks of large size could trigger excessive Berkeley DB locking. This allows remote DoS (split) and certain double-spending capabilities. Affected versions include pre-0.4.9rc2, pre-0.5.8rc2, pre-0.6....
CVE-2013-4627
Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service memory consumption via a large amount of tx message data...
CVE-2013-4627
CVE-2013-4627 applies to bitcoind and Bitcoin-Qt 0.8.x. The vulnerability allows remote attackers to cause a denial of service by sending a large amount of tx message data, resulting in memory consumption. A patch/update was released (Bitcoin-Qt 0.8.4) to fix this DoS issue and related vulnerabil...
CVE-2013-4165
CVE-2013-4165 affects bitcoind 0.8.1, where the HTTPAuthorized function in bitcoinrpc.cpp leaks timing information on the first incorrect password byte, enabling remote attackers to guess passwords via a timing side-channel. Impact: authenticated RPC password guessing vulnerability. Remediation: ...
CVE-2013-3219
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions...
CVE-2013-3219
Removed by vendor...
CVE-2013-4165
Removed by vendor...
CVE-2013-4165
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack...
CVE-2013-2273
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in th...
CVE-2012-4684
The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service resource consumption via a valid modified signature for a...
CVE-2013-2293
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service disk I/O consumption via a Bitcoin transaction with many inputs...
CVE-2013-2292
bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service electricity consumption by mining a block to create a nonstandard Bitcoin transaction containing multiple OPCHECKSIG script opcodes...
CVE-2013-2272
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet...
Code injection
bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service electricity consumption by mining a block to create a nonstandard Bitcoin transaction containing multiple OPCHECKSIG script opcodes...
Design/Logic Flaw
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet...