Skip to main content

Bitcoin Core

35 CVEs product

Monthly

CVE-2024-55563 MEDIUM This Month

Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-52922 MEDIUM This Month

In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Core
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52921 MEDIUM This Month

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bitcoin Core
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-52920 HIGH This Week

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-52919 MEDIUM This Month

Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Bitcoin Core
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52917 MEDIUM This Month

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52916 HIGH This Week

Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-52915 HIGH This Week

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-52914 HIGH This Week

In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-52913 MEDIUM This Month

In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-52912 HIGH This Week

Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-35202 HIGH PATCH This Week

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-50428 MEDIUM This Month

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bitcoin Core Bitcoin Knots
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-37192 HIGH POC This Week

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33297 HIGH PATCH This Week

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3195 HIGH POC This Week

bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14198 HIGH PATCH This Week

Bitcoin Core 0.20.0 allows remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-15947 HIGH This Week

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-17144 HIGH PATCH This Week

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bitcoin Core Bitcoin Knots
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2013-5700 MEDIUM This Month

The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4627 MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4165 MEDIUM This Month

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bitcoin Core
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3220 MEDIUM This Month

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core Bitcoind Qitcoin Qt
NVD
CVSS 2.0
6.4
EPSS
6.7%
CVE-2013-3219 MEDIUM This Month

bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bitcoin Core
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2293 MEDIUM This Month

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-2292 HIGH This Week

bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
7.8
EPSS
2.9%
CVE-2013-2273 MEDIUM This Month

bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2272 MEDIUM This Month

The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Qt Bitcoin Core Bitcoind
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4684 HIGH This Week

The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core Bitcoind Wxbitcoin
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2012-4683 MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-4682 MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-3789 MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-2459 MEDIUM POC This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 2.0
5.0
EPSS
1.5%
CVE-2012-1910 HIGH POC PATCH This Week

Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Microsoft RCE Bitcoin Qt Bitcoin Core
NVD GitHub
CVSS 2.0
7.5
EPSS
3.0%
CVE-2012-1909 MEDIUM POC PATCH This Month

The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Bitcoin Core Wxbitcoin
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
EPSS 1% CVSS 5.3
MEDIUM This Month

Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Core
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bitcoin Core
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Bitcoin Core
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Bitcoin Core
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bitcoin Core
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bitcoin Core Bitcoin Knots
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitcoin Core
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Bitcoin Core
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitcoin Core
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Bitcoin Core 0.20.0 allows remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bitcoin Core
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bitcoin Core Bitcoin Knots
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bitcoin Core
NVD GitHub
EPSS 7% CVSS 6.4
MEDIUM This Month

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bitcoin Core
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Qt Bitcoin Core +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bitcoin Qt Bitcoin Core +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bitcoin Core
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Microsoft RCE +2
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Bitcoin Core Wxbitcoin
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy