Lucene search
K
BitcoinBitcoin Core

54 matches found

CVE
CVE
added 2024/11/18 12:0 a.m.136 views

CVE-2024-52915

CVE-2024-52915 affects Bitcoin Core before 0.20.0. The issue allows remote attackers to cause a denial-of-service via a crafted INV message that triggers memory consumption. Affected versions are prior to 0.20.0; remediation is to upgrade to version 0.20.0 or later. Public documents in the provid...

7.5CVSS6.6AI score0.0062EPSS
CVE
CVE
added 2021/01/21 7:48 a.m.122 views

CVE-2021-3195

Summary: CVE-2021-3195 affects Bitcoin Core (bitcoind) up to version 0.21.0, where a dumpwallet RPC call can create a new file in an arbitrary directory (e.g., outside ~/.bitcoin). This behavior is described as potentially violating the security model of forks with dumpwallet restrictions, though...

7.5CVSS7.5AI score0.01172EPSS
CVE
CVE
added 2019/09/05 4:25 p.m.111 views

CVE-2019-15947

Bitcoin Core 0.18.0 stores wallet.dat data unencrypted in memory; on crash a core dump can enable an attacker to reconstruct wallet.dat with private keys by grepping for the sequence 6231 0500. Mitigation: upgrade to Bitcoin Core 0.20.x (e.g., 0.20.1) as advised by Mageia/Gentoo OSS advisories; n...

7.5CVSS7.2AI score0.0139EPSS
CVE
CVE
added 2023/05/22 12:0 a.m.89 views

CVE-2023-33297

Bitcoin Core prior to v24.1 is affected by CVE-2023-33297. When debug mode is not enabled, the node’s inventory-to-send queue draining is inefficient, allowing a denial-of-service (e.g., CPU consumption). The issue has been observed in the wild (May 2023). A fix is provided in Bitcoin Core 24.1 a...

7.5CVSS7.2AI score0.014EPSS
CVE
CVE
added 2018/09/19 8:0 a.m.87 views

CVE-2018-17144

CVE-2018-17144 affects Bitcoin Core: versions 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3, plus Bitcoin Knots 0.14.x–0.16.x before 0.16.3. It allows a remote denial of service (application crash) via duplicate inputs exploited by miners, causing bitcoind/Bitcoin-Qt to cra...

7.5CVSS7.3AI score0.06749EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.83 views

CVE-2024-52919

Bitcoin Core before 22.0 contains a CAddrMan nIdCount integer overflow triggered by a flood of addr messages, causing an assertion failure and daemon exit. Affected component: CAddrMan in Bitcoin Core. Impact is a crash/daemon restart; exploitation status not detailed in provided docs. Remediatio...

6.5CVSS6.9AI score0.00266EPSS
CVE
CVE
added 2023/07/06 12:0 a.m.74 views

CVE-2023-37192

Bitcoin Core (v22) is affected by a memory management/protection issue that allows an attacker to modify the stored sending address in the application’s memory, potentially redirecting transactions to wallets of the attacker’s choosing. The vulnerability concerns the core wallet handling path and...

7.5CVSS7.4AI score0.0057EPSS
CVE
CVE
added 2020/03/12 8:13 p.m.73 views

CVE-2017-18350

Affected software: bitcoind and Bitcoin-Qt prior to 0.15.1. Issue: a stack-based buffer overflow caused by a signedness error when a attacker-controlled SOCKS proxy responds with an acknowledgement to an unexpected domain name. Impact details are consistent with the CVE, including a partial avail...

5.9CVSS5.9AI score0.01301EPSS
CVE
CVE
added 2024/10/10 12:0 a.m.73 views

CVE-2024-35202

CVE-2024-35202 affects Bitcoin Core prior to 25.0. The vulnerability allows remote attackers to cause a denial of service by including transactions in a blocktxn message that are not committed to in a block’s merkle root, triggering a blocktxn-handling assertion and node exit. The issue is associ...

7.5CVSS7AI score0.009EPSS
CVE
CVE
added 2020/03/12 8:42 p.m.72 views

CVE-2015-3641

CVE-2015-3641 affects bitcoind and Bitcoin-Qt prior to 0.10.2, allowing a denial-of-service via an “Easy” attack (attackers could disable functionality or crash the client). Connected sources indicate the vulnerability is tied to older Bitcoin Core versions and that mitigation is to upgrade to ve...

7.5CVSS7.3AI score0.01767EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.69 views

CVE-2010-5139

CVE-2010-5139 describes an integer overflow in wxBitcoin and bitcoind up to version 0.3.11 that allows remote attackers to bypass economic restrictions and mint an unusually large number of bitcoins via a crafted Bitcoin transaction. Affected components are the Bitcoin reference client binaries s...

7.5CVSS7AI score0.02598EPSS
CVE
CVE
added 2020/03/12 8:34 p.m.69 views

CVE-2018-20586

CVE-2018-20586 affects bitcoind and Bitcoin-Qt prior to 0.17.1, where an RPC call can inject arbitrary data into the debug log. Affected component: Bitcoin Core’s RPC/debug logging. Root cause: ability to write arbitrary data via RPC into logs. Impact: log contents could be polluted with attacker...

5.3CVSS5.5AI score0.01061EPSS
CVE
CVE
added 2020/09/10 4:32 p.m.67 views

CVE-2018-17145

CVE-2018-17145 affects Bitcoin Core 0.16.x prior to 0.16.2 and Bitcoin Knots 0.16.x prior to 0.16.2. The root cause is mishandling of inventory (inv) messages, allowing an attacker to cause remote denial of service by flooding with multiple transaction inv messages using random hashes. Impact des...

7.5CVSS7.4AI score0.03411EPSS
CVE
CVE
added 2013/03/12 10:0 a.m.65 views

CVE-2013-2293

The CVE-2013-2293 issue affects bitcoind and Bitcoin-Qt prior to 0.8.0rc1. The CTransaction::FetchInputs function copies transactions from disk to memory without incrementally validating spent prevouts, enabling remote attackers to trigger a denial of service through a transaction with many input...

5CVSS6.6AI score0.02535EPSS
CVE
CVE
added 2020/03/16 7:42 p.m.65 views

CVE-2017-12842

Bitcoin Core before 0.14 is vulnerable to an SPV proof manipulation flaw. An attacker can craft an ostensibly valid SPV proof for a payment to a victim’s SPV wallet even if the payment never occurred, potentially misleading the wallet into accepting non-existent transactions. The attack cost is d...

7.5CVSS7.4AI score0.02164EPSS
CVE
CVE
added 2020/09/10 4:36 p.m.64 views

CVE-2020-14198

CVE-2020-14198 affects Bitcoin Core 0.20.0, enabling remote denial of service. CVSSv3.1 metrics shown: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5, HIGH) and CVSSv2 base 5.0 (PARTIAL impact). Public references note the issue alongside CVE-2019-15947, with advisories recommending upgrading to a ...

7.5CVSS7.4AI score0.03389EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.63 views

CVE-2024-52922

CVE-2024-52922 affects Bitcoin Core up to version 25.0, where an attacker can stall an announcing peer, causing a node to delay or fail to download the latest block. The root cause is a minutes-long stall when peers do not comply with the peer-to-peer protocol, allowing impact on block propagatio...

6.5CVSS6.5AI score0.00315EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.61 views

CVE-2024-52912

Bitcoin Core before 0.21.0 is affected. The issue stems from an integer overflow when calculating the time offset for newly connecting peers, combined with an abs64 logic bug, which can cause a network split. Red Hat, NVD, OSV, CIRCL and other feeds corroborate that prior to 0.21.0, this vulnerab...

7.5CVSS6.9AI score0.00518EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.61 views

CVE-2024-52921

CVE-2024-52921 affects Bitcoin Core prior to 25.0. A peer can alter the download state of other peers by sending a mutated block, potentially disrupting block propagation and peer synchronization. Affected component: Bitcoin Core networking/block processing; root cause: processing of malformed/mu...

5.3CVSS6.6AI score0.00428EPSS
CVE
CVE
added 2018/07/05 10:0 p.m.60 views

CVE-2016-10724

CVE-2016-10724 affects Bitcoin Core before v0.13.0 (and related forks such as Bitcoin Knots before v0.13.0.knots20160814, plus many altcoins). The root cause is a memory-exhaustion denial-of-service vulnerability triggered by the remote network alert system, enabled if an attacker can sign a mess...

7.8CVSS7.5AI score0.02281EPSS
CVE
CVE
added 2023/12/09 12:0 a.m.60 views

CVE-2023-50428

Affected software: Bitcoin Core up to 26.0 and Bitcoin Knots up to 25.1.knots20231115. Issue: datacarrier size limits can be bypassed by obfuscating data as code (e.g., OP_FALSE OP_IF). In the wild, this has been exploited by Inscriptions in 2022–2023. Impact: data-carrier limit bypass; potential...

5.3CVSS5.4AI score0.00779EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.60 views

CVE-2024-52913

Bitcoin Core prior to 0.21.0 is affected. An attacker could prevent a node from seeing a specific unconfirmed transaction because transaction re-requests are mishandled (CVE-2024-52913). The Red Hat advisories confirm the same impact. The CVSS indicates network attack vector, low complexity, no p...

5.3CVSS6.6AI score0.00366EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.60 views

CVE-2024-52920

CVE-2024-52920 affects Bitcoin Core prior to 0.20.0. The issue enables remote attackers to cause a denial of service by sending a malformed GETDATA message, resulting in an infinite loop and potential node crash. Affected product: Bitcoin Core (versions before 0.20.0). Root cause: handling of GET...

7.5CVSS6.7AI score0.00607EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.57 views

CVE-2019-25220

CVE-2019-25220 concerns Bitcoin Core prior to 24.0.1. The issue arises when a node accepts a flood of low‑difficulty header chains and stores them without first verifying that the presented chain has enough work, enabling a denial of service (daemon crash). Public references in the connected data...

7.5CVSS6.7AI score0.00783EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.56 views

CVE-2010-5141

The CVE-2010-5141 issue affects bitcoind and wxBitcoin up to version 0.3.4, with the root cause being improper handling of script opcodes in Bitcoin transactions. The vulnerability allows remote attackers to spend bitcoins owned by other users via unspecified vectors, as described in the provided...

7.5CVSS6.8AI score0.02232EPSS
CVE
CVE
added 2013/03/12 10:0 a.m.56 views

CVE-2012-4684

CVE-2012-4684 affects Bitcoin Core (bitcoind/Bitcoin-Qt) prior to 0.7.0. The alert functionality accepts different character representations of the same signature data but relies on a hash of the signature, enabling a remote attacker to trigger a denial-of-service (resource consumption) by sendin...

7.8CVSS6.8AI score0.02857EPSS
CVE
CVE
added 2013/03/12 10:0 a.m.56 views

CVE-2013-2292

CVE-2013-2292 affects bitcoind and Bitcoin-Qt 0.8.0 and earlier. The underlying issue is a DoS condition caused by mining a block that creates a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. This block-level crafting can lead to electricity consumption as a conse...

7.8CVSS6.8AI score0.0255EPSS
CVE
CVE
added 2012/09/14 11:0 p.m.55 views

CVE-2012-4683

Technical details for CVE-2012-4683 are not provided in the supplied documents. The connected records mention a generic DoS vulnerability in bitcoind/Bitcoin-Qt but lack specifics on affected versions, vectors, impact, or fixes. Monitor for updates.

5CVSS6.4AI score0.01451EPSS
CVE
CVE
added 2013/03/12 10:0 a.m.55 views

CVE-2013-2273

CVE-2013-2273 affects bitcoind/Bitcoin-Qt releases prior to specific 0.4.9rc1, 0.5.x prior to 0.5.8rc1, 0.6.x prior to 0.6.0.11rc1, 0.6.1–0.6.5 prior to 0.6.5rc1, and 0.7.x prior to 0.7.3rc1. The issue allows remote attackers to obtain potentially sensitive information about the transaction chang...

5CVSS6.4AI score0.0191EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.55 views

CVE-2024-52916

Summary (CVE-2024-52916) : Bitcoin Core versions prior to 0.15.0 are affected by a denial-of-service condition caused by a flood of minimum-difficulty headers, which can lead to an out-of-memory (OOM) exhaustion of the daemon. This impacts availability of the Bitcoin Core node. Remediation: upgra...

7.5CVSS6.6AI score0.00509EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.54 views

CVE-2024-52914

CVE-2024-52914 affects Bitcoin Core, prior to version 0.18.0. The issue causes a node to be stalled for hours when processing the orphans of a crafted unconfirmed transaction. The available documents state the vulnerability and its impact (long stall), but do not provide exploit details, affected...

7.5CVSS6.6AI score0.00509EPSS
CVE
CVE
added 2013/03/12 10:0 a.m.53 views

CVE-2013-2272

The CVE-2013-2272 entry affects bitcoind and Bitcoin-Qt versions listed as vulnerable (before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1–0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1) in the penny-flooding protection of CTxMemPool::accept. The issue allows remote attacker...

5CVSS6.8AI score0.01888EPSS
CVE
CVE
added 2013/09/10 10:0 a.m.53 views

CVE-2013-5700

The CVE-2013-5700 issue affects the Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1. A crafted sequence of messages can trigger a division-by-zero error, leading to a denial of service and daemon crash. This is tied to the Bloom Filter component, with impact described...

5CVSS6.7AI score0.01999EPSS
CVE
CVE
added 2018/07/05 10:0 p.m.53 views

CVE-2016-10725

In Bitcoin Core before v0.13.0, a non-final alert can block the final alert because operations occur in the wrong order. This affects the remote network alert system (deprecated since Q1 2016) and extends to other code paths such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. Th...

7.5CVSS7.4AI score0.02498EPSS
CVE
CVE
added 2019/02/11 12:0 p.m.53 views

CVE-2018-20587

CVE-2018-20587 affects Bitcoin Core (0.12.0–0.17.1) and Bitcoin Knots (0.12.0–0.17.x before 0.17.1.knots20181229). The root cause is Incorrect Access Control that lets local users bind the RPC IPv4 localhost port and forward requests to the IPv6 localhost port, enabling currency theft. The connec...

5.5CVSS5.5AI score0.00349EPSS
CVE
CVE
added 2013/08/01 4:0 p.m.52 views

CVE-2013-3220

CVE-2013-3220 affects bitcoind/Bitcoin-Qt (and wxBitcoin) across multiple older branches, where blocks of large size could trigger excessive Berkeley DB locking. This allows remote DoS (split) and certain double-spending capabilities. Affected versions include pre-0.4.9rc2, pre-0.5.8rc2, pre-0.6....

6.4CVSS6.8AI score0.02378EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.52 views

CVE-2024-52917

CVE-2024-52917 affects Bitcoin Core prior to 22.0. The issue is a miniupnp infinite loop where memory is allocated based on random data from the network (e.g., large M-SEARCH replies from a fake UPnP device), potentially causing an unbounded loop. The root cause is in the miniupnp handling within...

6.5CVSS6.6AI score0.00267EPSS
CVE
CVE
added 2024/12/09 12:0 a.m.52 views

CVE-2024-55563

CVE-2024-55563 affects Bitcoin Core up to version 27.2, enabling a transaction-relay jamming/off‑chain protocol attack that can cause certain Lightning channel HTLC transactions to be blocked or their outcomes changed when a flood of transaction traffic prevents propagation. The issue is related ...

5.3CVSS6.6AI score0.00647EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.51 views

CVE-2012-1910

CVE-2012-1910 affects Bitcoin-Qt versions: 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows. The root cause is that the projects did not use MinGW multithread-safe exception handling, allowing remote attackers to cause a denial of service (app...

7.5CVSS8.3AI score0.04507EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.51 views

CVE-2012-3789

CVE-2012-3789 affects bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1, allowing remote attackers to cause a denial of service (process hang) on a Bitcoin network. Related advisories and vendor pages (Red Hat, Ubuntu, Debian) con...

5CVSS6.6AI score0.01966EPSS
CVE
CVE
added 2013/08/01 4:0 p.m.51 views

CVE-2013-3219

CVE-2013-3219 affects bitcoind/Bitcoin-Qt 0.8.x prior to 0.8.1. The root cause is failure to enforce a block protocol rule, enabling remote attackers to bypass access restrictions and attempt double-spending via a large block that triggers incorrect Berkeley DB locking in older builds. Remediatio...

5CVSS6.8AI score0.01971EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.50 views

CVE-2010-5137

The CVE-2010-5137 entry affects wxBitcoin and bitcoind prior to 0.3.5, where processing a Bitcoin transaction containing an OP_LSHIFT script opcode can trigger a daemon crash (DoS). The vulnerability is described consistently across multiple sources (Red Hat, Ubuntu, Debian security trackers, CVE...

5CVSS6.8AI score0.02376EPSS
CVE
CVE
added 2012/09/14 11:0 p.m.49 views

CVE-2012-4682

Technical details for CVE-2012-4682 are not publicly provided in the supplied documents. No specifics on affected product/version/vectors. Monitor for updates from sources.

5CVSS6.4AI score0.01463EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.48 views

CVE-2010-5140

CVE-2010-5140 affects wxBitcoin and bitcoind prior to 0.3.13. The issue arises when handling bitcoins in transactions with zero confirmations, enabling a remote attacker to trigger a denial-of-service through an invalid-transaction flood by sending low-value transactions without fees. The describ...

5CVSS6.8AI score0.02301EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.48 views

CVE-2011-4447

The CVE-2011-4447 issue affects wxBitcoin and bitcoind, where the encrypt wallet feature fails to properly interact with BSDDB’s deletion logic. This allows context-dependent attackers to bypass the BSDDB interface and read entries marked for deletion, potentially exposing unencrypted private key...

4.3CVSS6.6AI score0.0163EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.47 views

CVE-2010-5138

CVE-2010-5138 affects wxBitcoin and bitcoind 0.3.x. A remote attacker can trigger a denial of service by submitting a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes, leading to increased resource consumption and partial availability impact as stated in the NVD entry. Connected...

5CVSS6.8AI score0.01966EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.47 views

CVE-2012-2459

CVE-2012-2459 affects bitcoind and Bitcoin-Qt across multiple early-release lines (before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2). The flaw allows remote attackers to cause a denial of service via unknown behavior on the Bitcoin network, leading to block-process...

5CVSS6.8AI score0.03055EPSS
CVE
CVE
added 2013/08/01 4:0 p.m.47 views

CVE-2013-4627

CVE-2013-4627 applies to bitcoind and Bitcoin-Qt 0.8.x. The vulnerability allows remote attackers to cause a denial of service by sending a large amount of tx message data, resulting in memory consumption. A patch/update was released (Bitcoin-Qt 0.8.4) to fix this DoS issue and related vulnerabil...

5CVSS6.7AI score0.0193EPSS
CVE
CVE
added 2013/08/01 4:0 p.m.46 views

CVE-2013-4165

CVE-2013-4165 affects bitcoind 0.8.1, where the HTTPAuthorized function in bitcoinrpc.cpp leaks timing information on the first incorrect password byte, enabling remote attackers to guess passwords via a timing side-channel. Impact: authenticated RPC password guessing vulnerability. Remediation: ...

4.3CVSS6.6AI score0.02278EPSS
CVE
CVE
added 2012/08/06 4:0 p.m.38 views

CVE-2012-1909

CVE-2012-1909 affects the Bitcoin protocol implementations (e.g., bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt). The vulnerability arises from improper handling of multiple transactions sharing the same identifier, enabling remote attackers to trigger a denial of service by creating a duplicate c...

5CVSS6.8AI score0.02928EPSS
Total number of security vulnerabilities54