Every CVE whose affected-product data names Bitcoin Bitcoin Core, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (54)
CVE-2012-4684 — CVSS 7.8 (high): The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data…
CVE-2013-2292 — CVSS 7.8 (high): bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block…
CVE-2010-5141 — CVSS 7.5 (high): wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend…
CVE-2024-52914 — CVSS 7.5 (high): In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
CVE-2010-5139 — CVSS 7.5 (high): Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many…
CVE-2012-1910 — CVSS 7.5 (high): Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW…
CVE-2015-3641 — CVSS 7.5 (high): bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application…
CVE-2016-10724 — CVSS 7.5 (high): Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1…
CVE-2016-10725 — CVSS 7.5 (high): In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other…
CVE-2017-12842 — CVSS 7.5 (high): Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even…
CVE-2018-17144 — CVSS 7.5 (high): Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3…
CVE-2018-17145 — CVSS 7.5 (high): Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction…
CVE-2019-15947 — CVSS 7.5 (high): In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to…
CVE-2019-25220 — CVSS 7.5 (high): Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains…
CVE-2021-3195 — CVSS 7.5 (high): bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a…
CVE-2023-33297 — CVSS 7.5 (high): Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because…
CVE-2023-37192 — CVSS 7.5 (high): Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory…
CVE-2024-35202 — CVSS 7.5 (high): Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by…
CVE-2024-52912 — CVSS 7.5 (high): Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly…
CVE-2024-52915 — CVSS 7.5 (high): Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
CVE-2024-52916 — CVSS 7.5 (high): Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
CVE-2024-52920 — CVSS 7.5 (high): Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
CVE-2024-52919 — CVSS 6.5 (medium): Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr…
CVE-2024-52917 — CVSS 6.5 (medium): Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network…
CVE-2024-52922 — CVSS 6.5 (medium): In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an…
CVE-2013-3220 — CVSS 6.4 (medium): bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not…
CVE-2017-18350 — CVSS 5.9 (medium): bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This…
CVE-2018-20587 — CVSS 5.5 (medium): Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local…
CVE-2023-50428 — CVSS 5.3 (medium): In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as…
CVE-2024-52921 — CVSS 5.3 (medium): In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
CVE-2018-20586 — CVSS 5.3 (medium): bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
CVE-2024-52913 — CVSS 5.3 (medium): In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction…
CVE-2024-55563 — CVSS 5.3 (medium): Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For…
CVE-2012-3789 — CVSS 5.0 (medium): Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before…
CVE-2012-4683 — CVSS 5.0 (medium): Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different…
CVE-2010-5140 — CVSS 5.0 (medium): wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations…
CVE-2013-2272 — CVSS 5.0 (medium): The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1…
CVE-2013-2273 — CVSS 5.0 (medium): bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x…
CVE-2010-5138 — CVSS 5.0 (medium): wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction…
CVE-2013-2293 — CVSS 5.0 (medium): The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without…
CVE-2013-3219 — CVSS 5.0 (medium): bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended…
CVE-2012-2459 — CVSS 5.0 (medium): Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2…
CVE-2012-1909 — CVSS 5.0 (medium): The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple…
CVE-2012-4682 — CVSS 5.0 (medium): Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different…
CVE-2013-4627 — CVSS 5.0 (medium): Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a…
CVE-2013-5700 — CVSS 5.0 (medium): The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service…
CVE-2010-5137 — CVSS 5.0 (medium): wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing…
CVE-2013-4165 — CVSS 4.3 (medium): The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first…
CVE-2011-4447 — CVSS 4.3 (medium): The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion…