CVE-2015-6964

MultiBit HD before 0.1.2 is vulnerable to bit-flipping attacks that can inject unspendable Bitcoin addresses into the developer-fee list due to the absence of a Message Authentication Code (MAC). The attack does not realistically steal fees, but it could disrupt fee payments. A patch is available...