Bitcoind Security Vulnerabilities and Issues — Bitcoind CVE List

Lucene search

BitcoinBitcoind

8 matches found

CVE•added 2013/03/12 11:28 a.m.•47 views

CVE-2013-2293

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs cor...

5CVSS6.6AI score0.00535EPSS

CVE•added 2018/07/05 10:29 p.m.•43 views

CVE-2016-10724

Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects ot...

7.8CVSS7.5AI score0.0073EPSS

CVE•added 2013/03/12 11:28 a.m.•41 views

CVE-2012-4684

The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a cir...

7.8CVSS6.8AI score0.00836EPSS

CVE•added 2013/03/12 11:28 a.m.•41 views

CVE-2013-2273

bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the ...

5CVSS6.4AI score0.00221EPSS

CVE•added 2013/03/12 11:28 a.m.•40 views

CVE-2013-2292

bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.

7.8CVSS6.8AI score0.0056EPSS

CVE•added 2013/03/12 11:28 a.m.•38 views

CVE-2013-2272

The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addre...

5CVSS6.8AI score0.00221EPSS

CVE•added 2013/08/02 12:10 p.m.•37 views

CVE-2013-3220

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) an...

6.4CVSS6.8AI score0.07942EPSS

CVE•added 2018/07/05 10:29 p.m.•37 views

CVE-2016-10725

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of t...

7.5CVSS7.4AI score0.00422EPSS