Total: 50 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-25220 | 1 Bitcoin | 1 Bitcoin Core | 2025-05-22 | N/A | 7.5 HIGH |
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it. | |||||
CVE-2024-55563 | 1 Bitcoin | 1 Bitcoin Core | 2025-05-22 | N/A | 5.3 MEDIUM |
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions. | |||||
CVE-2024-35202 | 1 Bitcoin | 1 Bitcoin Core | 2025-05-22 | N/A | 7.5 HIGH |
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance. | |||||
CVE-2024-52922 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 6.5 MEDIUM |
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification. | |||||
CVE-2024-52920 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. | |||||
CVE-2024-52921 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 5.3 MEDIUM |
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. | |||||
CVE-2024-52919 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 6.5 MEDIUM |
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. | |||||
CVE-2024-52917 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 6.5 MEDIUM |
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. | |||||
CVE-2024-52916 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. | |||||
CVE-2024-52915 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. | |||||
CVE-2024-52914 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. | |||||
CVE-2024-52913 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 5.3 MEDIUM |
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. | |||||
CVE-2024-52912 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. | |||||
CVE-2010-5140 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | 5.0 MEDIUM | N/A |
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees. | |||||
CVE-2010-5137 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | 5.0 MEDIUM | N/A |
wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode. | |||||
CVE-2011-4447 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | 4.3 MEDIUM | N/A |
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion. | |||||
CVE-2012-3789 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-11 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network. | |||||
CVE-2010-5141 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | 7.5 HIGH | N/A |
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors. | |||||
CVE-2010-5138 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | 5.0 MEDIUM | N/A |
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. | |||||
CVE-2012-1910 | 2 Bitcoin, Microsoft | 3 Bitcoin-qt, Bitcoin Core, Windows | 2025-04-11 | 7.5 HIGH | N/A |
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages. | |||||