8 matches found
CVE-2013-2293
The CVE-2013-2293 issue affects bitcoind and Bitcoin-Qt prior to 0.8.0rc1. The CTransaction::FetchInputs function copies transactions from disk to memory without incrementally validating spent prevouts, enabling remote attackers to trigger a denial of service through a transaction with many input...
CVE-2016-10724
CVE-2016-10724 affects Bitcoin Core before v0.13.0 (and related forks such as Bitcoin Knots before v0.13.0.knots20160814, plus many altcoins). The root cause is a memory-exhaustion denial-of-service vulnerability triggered by the remote network alert system, enabled if an attacker can sign a mess...
CVE-2012-4684
CVE-2012-4684 affects Bitcoin Core (bitcoind/Bitcoin-Qt) prior to 0.7.0. The alert functionality accepts different character representations of the same signature data but relies on a hash of the signature, enabling a remote attacker to trigger a denial-of-service (resource consumption) by sendin...
CVE-2013-2292
CVE-2013-2292 affects bitcoind and Bitcoin-Qt 0.8.0 and earlier. The underlying issue is a DoS condition caused by mining a block that creates a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. This block-level crafting can lead to electricity consumption as a conse...
CVE-2013-2273
CVE-2013-2273 affects bitcoind/Bitcoin-Qt releases prior to specific 0.4.9rc1, 0.5.x prior to 0.5.8rc1, 0.6.x prior to 0.6.0.11rc1, 0.6.1–0.6.5 prior to 0.6.5rc1, and 0.7.x prior to 0.7.3rc1. The issue allows remote attackers to obtain potentially sensitive information about the transaction chang...
CVE-2013-2272
The CVE-2013-2272 entry affects bitcoind and Bitcoin-Qt versions listed as vulnerable (before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1–0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1) in the penny-flooding protection of CTxMemPool::accept. The issue allows remote attacker...
CVE-2016-10725
In Bitcoin Core before v0.13.0, a non-final alert can block the final alert because operations occur in the wrong order. This affects the remote network alert system (deprecated since Q1 2016) and extends to other code paths such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. Th...
CVE-2013-3220
CVE-2013-3220 affects bitcoind/Bitcoin-Qt (and wxBitcoin) across multiple older branches, where blocks of large size could trigger excessive Berkeley DB locking. This allows remote DoS (split) and certain double-spending capabilities. Affected versions include pre-0.4.9rc2, pre-0.5.8rc2, pre-0.6....