54 matches found
CVE-2024-52915
CVE-2024-52915 affects Bitcoin Core before 0.20.0. The issue allows remote attackers to cause a denial-of-service via a crafted INV message that triggers memory consumption. Affected versions are prior to 0.20.0; remediation is to upgrade to version 0.20.0 or later. Public documents in the provid...
CVE-2021-3195
Summary: CVE-2021-3195 affects Bitcoin Core (bitcoind) up to version 0.21.0, where a dumpwallet RPC call can create a new file in an arbitrary directory (e.g., outside ~/.bitcoin). This behavior is described as potentially violating the security model of forks with dumpwallet restrictions, though...
CVE-2019-15947
Bitcoin Core 0.18.0 stores wallet.dat data unencrypted in memory; on crash a core dump can enable an attacker to reconstruct wallet.dat with private keys by grepping for the sequence 6231 0500. Mitigation: upgrade to Bitcoin Core 0.20.x (e.g., 0.20.1) as advised by Mageia/Gentoo OSS advisories; n...
CVE-2023-33297
Bitcoin Core prior to v24.1 is affected by CVE-2023-33297. When debug mode is not enabled, the node’s inventory-to-send queue draining is inefficient, allowing a denial-of-service (e.g., CPU consumption). The issue has been observed in the wild (May 2023). A fix is provided in Bitcoin Core 24.1 a...
CVE-2018-17144
CVE-2018-17144 affects Bitcoin Core: versions 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3, plus Bitcoin Knots 0.14.x–0.16.x before 0.16.3. It allows a remote denial of service (application crash) via duplicate inputs exploited by miners, causing bitcoind/Bitcoin-Qt to cra...
CVE-2024-52919
Bitcoin Core before 22.0 contains a CAddrMan nIdCount integer overflow triggered by a flood of addr messages, causing an assertion failure and daemon exit. Affected component: CAddrMan in Bitcoin Core. Impact is a crash/daemon restart; exploitation status not detailed in provided docs. Remediatio...
CVE-2023-37192
Bitcoin Core (v22) is affected by a memory management/protection issue that allows an attacker to modify the stored sending address in the application’s memory, potentially redirecting transactions to wallets of the attacker’s choosing. The vulnerability concerns the core wallet handling path and...
CVE-2017-18350
Affected software: bitcoind and Bitcoin-Qt prior to 0.15.1. Issue: a stack-based buffer overflow caused by a signedness error when a attacker-controlled SOCKS proxy responds with an acknowledgement to an unexpected domain name. Impact details are consistent with the CVE, including a partial avail...
CVE-2024-35202
CVE-2024-35202 affects Bitcoin Core prior to 25.0. The vulnerability allows remote attackers to cause a denial of service by including transactions in a blocktxn message that are not committed to in a block’s merkle root, triggering a blocktxn-handling assertion and node exit. The issue is associ...
CVE-2015-3641
CVE-2015-3641 affects bitcoind and Bitcoin-Qt prior to 0.10.2, allowing a denial-of-service via an “Easy” attack (attackers could disable functionality or crash the client). Connected sources indicate the vulnerability is tied to older Bitcoin Core versions and that mitigation is to upgrade to ve...
CVE-2010-5139
CVE-2010-5139 describes an integer overflow in wxBitcoin and bitcoind up to version 0.3.11 that allows remote attackers to bypass economic restrictions and mint an unusually large number of bitcoins via a crafted Bitcoin transaction. Affected components are the Bitcoin reference client binaries s...
CVE-2018-20586
CVE-2018-20586 affects bitcoind and Bitcoin-Qt prior to 0.17.1, where an RPC call can inject arbitrary data into the debug log. Affected component: Bitcoin Core’s RPC/debug logging. Root cause: ability to write arbitrary data via RPC into logs. Impact: log contents could be polluted with attacker...
CVE-2018-17145
CVE-2018-17145 affects Bitcoin Core 0.16.x prior to 0.16.2 and Bitcoin Knots 0.16.x prior to 0.16.2. The root cause is mishandling of inventory (inv) messages, allowing an attacker to cause remote denial of service by flooding with multiple transaction inv messages using random hashes. Impact des...
CVE-2013-2293
The CVE-2013-2293 issue affects bitcoind and Bitcoin-Qt prior to 0.8.0rc1. The CTransaction::FetchInputs function copies transactions from disk to memory without incrementally validating spent prevouts, enabling remote attackers to trigger a denial of service through a transaction with many input...
CVE-2017-12842
Bitcoin Core before 0.14 is vulnerable to an SPV proof manipulation flaw. An attacker can craft an ostensibly valid SPV proof for a payment to a victim’s SPV wallet even if the payment never occurred, potentially misleading the wallet into accepting non-existent transactions. The attack cost is d...
CVE-2020-14198
CVE-2020-14198 affects Bitcoin Core 0.20.0, enabling remote denial of service. CVSSv3.1 metrics shown: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5, HIGH) and CVSSv2 base 5.0 (PARTIAL impact). Public references note the issue alongside CVE-2019-15947, with advisories recommending upgrading to a ...
CVE-2024-52922
CVE-2024-52922 affects Bitcoin Core up to version 25.0, where an attacker can stall an announcing peer, causing a node to delay or fail to download the latest block. The root cause is a minutes-long stall when peers do not comply with the peer-to-peer protocol, allowing impact on block propagatio...
CVE-2024-52912
Bitcoin Core before 0.21.0 is affected. The issue stems from an integer overflow when calculating the time offset for newly connecting peers, combined with an abs64 logic bug, which can cause a network split. Red Hat, NVD, OSV, CIRCL and other feeds corroborate that prior to 0.21.0, this vulnerab...
CVE-2024-52921
CVE-2024-52921 affects Bitcoin Core prior to 25.0. A peer can alter the download state of other peers by sending a mutated block, potentially disrupting block propagation and peer synchronization. Affected component: Bitcoin Core networking/block processing; root cause: processing of malformed/mu...
CVE-2016-10724
CVE-2016-10724 affects Bitcoin Core before v0.13.0 (and related forks such as Bitcoin Knots before v0.13.0.knots20160814, plus many altcoins). The root cause is a memory-exhaustion denial-of-service vulnerability triggered by the remote network alert system, enabled if an attacker can sign a mess...
CVE-2023-50428
Affected software: Bitcoin Core up to 26.0 and Bitcoin Knots up to 25.1.knots20231115. Issue: datacarrier size limits can be bypassed by obfuscating data as code (e.g., OP_FALSE OP_IF). In the wild, this has been exploited by Inscriptions in 2022–2023. Impact: data-carrier limit bypass; potential...
CVE-2024-52913
Bitcoin Core prior to 0.21.0 is affected. An attacker could prevent a node from seeing a specific unconfirmed transaction because transaction re-requests are mishandled (CVE-2024-52913). The Red Hat advisories confirm the same impact. The CVSS indicates network attack vector, low complexity, no p...
CVE-2024-52920
CVE-2024-52920 affects Bitcoin Core prior to 0.20.0. The issue enables remote attackers to cause a denial of service by sending a malformed GETDATA message, resulting in an infinite loop and potential node crash. Affected product: Bitcoin Core (versions before 0.20.0). Root cause: handling of GET...
CVE-2019-25220
CVE-2019-25220 concerns Bitcoin Core prior to 24.0.1. The issue arises when a node accepts a flood of low‑difficulty header chains and stores them without first verifying that the presented chain has enough work, enabling a denial of service (daemon crash). Public references in the connected data...
CVE-2010-5141
The CVE-2010-5141 issue affects bitcoind and wxBitcoin up to version 0.3.4, with the root cause being improper handling of script opcodes in Bitcoin transactions. The vulnerability allows remote attackers to spend bitcoins owned by other users via unspecified vectors, as described in the provided...
CVE-2012-4684
CVE-2012-4684 affects Bitcoin Core (bitcoind/Bitcoin-Qt) prior to 0.7.0. The alert functionality accepts different character representations of the same signature data but relies on a hash of the signature, enabling a remote attacker to trigger a denial-of-service (resource consumption) by sendin...
CVE-2013-2292
CVE-2013-2292 affects bitcoind and Bitcoin-Qt 0.8.0 and earlier. The underlying issue is a DoS condition caused by mining a block that creates a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. This block-level crafting can lead to electricity consumption as a conse...
CVE-2012-4683
Technical details for CVE-2012-4683 are not provided in the supplied documents. The connected records mention a generic DoS vulnerability in bitcoind/Bitcoin-Qt but lack specifics on affected versions, vectors, impact, or fixes. Monitor for updates.
CVE-2013-2273
CVE-2013-2273 affects bitcoind/Bitcoin-Qt releases prior to specific 0.4.9rc1, 0.5.x prior to 0.5.8rc1, 0.6.x prior to 0.6.0.11rc1, 0.6.1–0.6.5 prior to 0.6.5rc1, and 0.7.x prior to 0.7.3rc1. The issue allows remote attackers to obtain potentially sensitive information about the transaction chang...
CVE-2024-52916
Summary (CVE-2024-52916) : Bitcoin Core versions prior to 0.15.0 are affected by a denial-of-service condition caused by a flood of minimum-difficulty headers, which can lead to an out-of-memory (OOM) exhaustion of the daemon. This impacts availability of the Bitcoin Core node. Remediation: upgra...
CVE-2024-52914
CVE-2024-52914 affects Bitcoin Core, prior to version 0.18.0. The issue causes a node to be stalled for hours when processing the orphans of a crafted unconfirmed transaction. The available documents state the vulnerability and its impact (long stall), but do not provide exploit details, affected...
CVE-2013-2272
The CVE-2013-2272 entry affects bitcoind and Bitcoin-Qt versions listed as vulnerable (before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1–0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1) in the penny-flooding protection of CTxMemPool::accept. The issue allows remote attacker...
CVE-2013-5700
The CVE-2013-5700 issue affects the Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1. A crafted sequence of messages can trigger a division-by-zero error, leading to a denial of service and daemon crash. This is tied to the Bloom Filter component, with impact described...
CVE-2016-10725
In Bitcoin Core before v0.13.0, a non-final alert can block the final alert because operations occur in the wrong order. This affects the remote network alert system (deprecated since Q1 2016) and extends to other code paths such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. Th...
CVE-2018-20587
CVE-2018-20587 affects Bitcoin Core (0.12.0–0.17.1) and Bitcoin Knots (0.12.0–0.17.x before 0.17.1.knots20181229). The root cause is Incorrect Access Control that lets local users bind the RPC IPv4 localhost port and forward requests to the IPv6 localhost port, enabling currency theft. The connec...
CVE-2013-3220
CVE-2013-3220 affects bitcoind/Bitcoin-Qt (and wxBitcoin) across multiple older branches, where blocks of large size could trigger excessive Berkeley DB locking. This allows remote DoS (split) and certain double-spending capabilities. Affected versions include pre-0.4.9rc2, pre-0.5.8rc2, pre-0.6....
CVE-2024-52917
CVE-2024-52917 affects Bitcoin Core prior to 22.0. The issue is a miniupnp infinite loop where memory is allocated based on random data from the network (e.g., large M-SEARCH replies from a fake UPnP device), potentially causing an unbounded loop. The root cause is in the miniupnp handling within...
CVE-2024-55563
CVE-2024-55563 affects Bitcoin Core up to version 27.2, enabling a transaction-relay jamming/off‑chain protocol attack that can cause certain Lightning channel HTLC transactions to be blocked or their outcomes changed when a flood of transaction traffic prevents propagation. The issue is related ...
CVE-2012-1910
CVE-2012-1910 affects Bitcoin-Qt versions: 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows. The root cause is that the projects did not use MinGW multithread-safe exception handling, allowing remote attackers to cause a denial of service (app...
CVE-2012-3789
CVE-2012-3789 affects bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1, allowing remote attackers to cause a denial of service (process hang) on a Bitcoin network. Related advisories and vendor pages (Red Hat, Ubuntu, Debian) con...
CVE-2013-3219
CVE-2013-3219 affects bitcoind/Bitcoin-Qt 0.8.x prior to 0.8.1. The root cause is failure to enforce a block protocol rule, enabling remote attackers to bypass access restrictions and attempt double-spending via a large block that triggers incorrect Berkeley DB locking in older builds. Remediatio...
CVE-2010-5137
The CVE-2010-5137 entry affects wxBitcoin and bitcoind prior to 0.3.5, where processing a Bitcoin transaction containing an OP_LSHIFT script opcode can trigger a daemon crash (DoS). The vulnerability is described consistently across multiple sources (Red Hat, Ubuntu, Debian security trackers, CVE...
CVE-2012-4682
Technical details for CVE-2012-4682 are not publicly provided in the supplied documents. No specifics on affected product/version/vectors. Monitor for updates from sources.
CVE-2010-5140
CVE-2010-5140 affects wxBitcoin and bitcoind prior to 0.3.13. The issue arises when handling bitcoins in transactions with zero confirmations, enabling a remote attacker to trigger a denial-of-service through an invalid-transaction flood by sending low-value transactions without fees. The describ...
CVE-2011-4447
The CVE-2011-4447 issue affects wxBitcoin and bitcoind, where the encrypt wallet feature fails to properly interact with BSDDB’s deletion logic. This allows context-dependent attackers to bypass the BSDDB interface and read entries marked for deletion, potentially exposing unencrypted private key...
CVE-2010-5138
CVE-2010-5138 affects wxBitcoin and bitcoind 0.3.x. A remote attacker can trigger a denial of service by submitting a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes, leading to increased resource consumption and partial availability impact as stated in the NVD entry. Connected...
CVE-2012-2459
CVE-2012-2459 affects bitcoind and Bitcoin-Qt across multiple early-release lines (before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2). The flaw allows remote attackers to cause a denial of service via unknown behavior on the Bitcoin network, leading to block-process...
CVE-2013-4627
CVE-2013-4627 applies to bitcoind and Bitcoin-Qt 0.8.x. The vulnerability allows remote attackers to cause a denial of service by sending a large amount of tx message data, resulting in memory consumption. A patch/update was released (Bitcoin-Qt 0.8.4) to fix this DoS issue and related vulnerabil...
CVE-2013-4165
CVE-2013-4165 affects bitcoind 0.8.1, where the HTTPAuthorized function in bitcoinrpc.cpp leaks timing information on the first incorrect password byte, enabling remote attackers to guess passwords via a timing side-channel. Impact: authenticated RPC password guessing vulnerability. Remediation: ...
CVE-2012-1909
CVE-2012-1909 affects the Bitcoin protocol implementations (e.g., bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt). The vulnerability arises from improper handling of multiple transactions sharing the same identifier, enabling remote attackers to trigger a denial of service by creating a duplicate c...