Vulnerabilites related to bitcoin - bitcoin_core
CVE-2013-2292 (GCVE-0-2013-2292)
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:44.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/?topic=140078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/?topic=140078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "https://bitcointalk.org/?topic=140078",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/?topic=140078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2292",
"datePublished": "2013-03-12T10:00:00Z",
"dateReserved": "2013-02-28T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:52.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17144 (GCVE-0-2018-17144)
Vulnerability from cvelistv5
Published
2018-09-19 08:00
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JinBean/CVE-Extension"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T19:18:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JinBean/CVE-Extension"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"name": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"name": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/",
"refsource": "MISC",
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"name": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md",
"refsource": "MISC",
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"name": "https://github.com/JinBean/CVE-Extension",
"refsource": "MISC",
"url": "https://github.com/JinBean/CVE-Extension"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17144",
"datePublished": "2018-09-19T08:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52916 (GCVE-0-2024-52916)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "0.15.0",
"status": "affected",
"version": "0.12.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:32:46.879137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:32:50.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:19:05.822982",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/03/disclose-header-spam/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52916",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:32:50.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2459 (GCVE-0-2012-2459)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=415973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/?topic=81749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=415973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/?topic=81749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=415973",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=415973"
},
{
"name": "https://bitcointalk.org/?topic=81749",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/?topic=81749"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2459",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-05-07T00:00:00Z",
"dateUpdated": "2024-09-16T17:08:30.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52920 (GCVE-0-2024-52920)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "0.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:23:35.213355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:27:30.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:18:20.612988",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52920",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:27:30.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4627 (GCVE-0-2013-4627)
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-01T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4627",
"datePublished": "2013-08-01T16:00:00Z",
"dateReserved": "2013-06-20T00:00:00Z",
"dateUpdated": "2024-09-16T19:41:14.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4684 (GCVE-0-2012-4684)
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVE-2012-4684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=8392.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=148109.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVE-2012-4684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=8392.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=148109.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVE-2012-4684",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVE-2012-4684"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "https://bitcointalk.org/index.php?topic=8392.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=8392.0"
},
{
"name": "https://bitcointalk.org/index.php?topic=148109.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=148109.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4684",
"datePublished": "2013-03-12T10:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2024-09-16T20:36:40.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5140 (GCVE-0-2010-5140)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 04:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitcoin.org/smf/index.php?topic=1306.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitcoin.org/smf/index.php?topic=1306.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "http://www.bitcoin.org/smf/index.php?topic=1306.0",
"refsource": "CONFIRM",
"url": "http://www.bitcoin.org/smf/index.php?topic=1306.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5140",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-05-29T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:38.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14198 (GCVE-0-2020-14198)
Vulnerability from cvelistv5
Published
2020-09-10 16:36
Modified
2024-08-04 12:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core 0.20.0 allows remote denial of service.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/commits/master"
},
{
"name": "GLSA-202009-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202009-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.20.0 allows remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T01:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/commits/master"
},
{
"name": "GLSA-202009-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202009-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.20.0 allows remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198"
},
{
"name": "https://github.com/bitcoin/bitcoin/commits/master",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/commits/master"
},
{
"name": "GLSA-202009-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202009-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14198",
"datePublished": "2020-09-10T16:36:45",
"dateReserved": "2020-06-16T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2293 (GCVE-0-2013-2293)
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:44.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVE-2013-2293"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/?topic=144122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVE-2013-2293"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/?topic=144122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVE-2013-2293",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVE-2013-2293"
},
{
"name": "https://bitcointalk.org/?topic=144122",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/?topic=144122"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2293",
"datePublished": "2013-03-12T10:00:00Z",
"dateReserved": "2013-02-28T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:18.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52912 (GCVE-0-2024-52912)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "0.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:46:58.309442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:47:54.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:19:47.946368",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52912",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:47:54.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5138 (GCVE-0-2010-5138)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5138",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-05-29T00:00:00Z",
"dateUpdated": "2024-09-17T02:11:46.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5141 (GCVE-0-2010-5141)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5141",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-06-11T00:00:00Z",
"dateUpdated": "2024-09-17T00:16:23.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37192 (GCVE-0-2023-37192)
Vulnerability from cvelistv5
Published
2023-07-06 00:00
Modified
2024-11-20 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bitcoin.org/en/bitcoin-core/"
},
{
"tags": [
"x_transferred"
],
"url": "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=oEl4M1oZim0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37192",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:46:47.051852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:46:59.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app\u0027s memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bitcoin.org/en/bitcoin-core/"
},
{
"url": "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html"
},
{
"url": "https://www.youtube.com/watch?v=oEl4M1oZim0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37192",
"datePublished": "2023-07-06T00:00:00",
"dateReserved": "2023-06-28T00:00:00",
"dateUpdated": "2024-11-20T19:46:59.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33297 (GCVE-0-2023-33297)
Vulnerability from cvelistv5
Published
2023-05-22 00:00
Modified
2025-01-28 17:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:36.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/issues/27586"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/issues/27623"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/pull/27610"
},
{
"name": "FEDORA-2023-1bae6b7751",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/"
},
{
"name": "FEDORA-2023-3317c9b824",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/visualbasic6/drain"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544"
},
{
"tags": [
"x_transferred"
],
"url": "https://x.com/123456/status/1711601593399828530"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T17:19:49.820806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T17:20:52.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T15:25:24.022Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://github.com/bitcoin/bitcoin/issues/27586"
},
{
"url": "https://github.com/bitcoin/bitcoin/issues/27623"
},
{
"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md"
},
{
"url": "https://github.com/bitcoin/bitcoin/pull/27610"
},
{
"name": "FEDORA-2023-1bae6b7751",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/"
},
{
"name": "FEDORA-2023-3317c9b824",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/"
},
{
"url": "https://github.com/visualbasic6/drain"
},
{
"url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544"
},
{
"url": "https://x.com/123456/status/1711601593399828530"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33297",
"datePublished": "2023-05-22T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2025-01-28T17:20:52.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52919 (GCVE-0-2024-52919)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "22.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:21:55.213161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:21:59.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:18:30.467418",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52919",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:21:59.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35202 (GCVE-0-2024-35202)
Vulnerability from cvelistv5
Published
2024-10-10 00:00
Modified
2024-10-10 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "25.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:21:26.158094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:24:42.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block\u0027s merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T12:46:24.631113",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://github.com/bitcoin/bitcoin/releases/tag/v25.0"
},
{
"url": "https://bitcoincore.org/en/2024/10/08/disclose-blocktxn-crash/"
},
{
"url": "https://github.com/bitcoin/bitcoin/pull/26898"
},
{
"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-25.0.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-35202",
"datePublished": "2024-10-10T00:00:00",
"dateReserved": "2024-05-12T00:00:00",
"dateUpdated": "2024-10-10T15:24:42.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25220 (GCVE-0-2019-25220)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "24.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-25220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T16:17:07.914367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:28:52.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a \"Chain Width Expansion\" attack) because a node does not first verify that a presented chain has enough work before committing to store it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:17:39.411525",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/09/18/disclose-headers-oom"
},
{
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-October/017354.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-25220",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T16:28:52.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3219 (GCVE-0-2013-3219)
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-01T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name": "https://en.bitcoin.it/wiki/BIP_0050",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/BIP_0050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3219",
"datePublished": "2013-08-01T16:00:00Z",
"dateReserved": "2013-04-20T00:00:00Z",
"dateUpdated": "2024-09-16T23:10:47.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3220 (GCVE-0-2013-3220)
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block\u0027s size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-01T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block\u0027s size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name": "https://en.bitcoin.it/wiki/BIP_0050",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/BIP_0050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3220",
"datePublished": "2013-08-01T16:00:00Z",
"dateReserved": "2013-04-20T00:00:00Z",
"dateUpdated": "2024-09-16T22:24:42.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52913 (GCVE-0-2024-52913)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "0.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:46:19.709963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:46:23.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:19:37.670485",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52913",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:46:23.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3195 (GCVE-0-2021-3195)
Vulnerability from cvelistv5
Published
2021-01-21 07:48
Modified
2024-08-03 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/issues/20866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-17T22:19:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/issues/20866"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bitcoin/bitcoin/issues/20866",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/issues/20866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3195",
"datePublished": "2021-01-21T07:48:58",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T16:45:51.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10724 (GCVE-0-2016-10724)
Vulnerability from cvelistv5
Published
2018-07-05 22:00
Modified
2024-08-06 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T18:45:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name": "https://github.com/JinBean/CVE-Extension",
"refsource": "MISC",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"name": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure",
"refsource": "CONFIRM",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10724",
"datePublished": "2018-07-05T22:00:00",
"dateReserved": "2018-06-24T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52917 (GCVE-0-2024-52917)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "22.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:19:19.603741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:20:27.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:18:54.353495",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52917",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:20:27.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20586 (GCVE-0-2018-20586)
Vulnerability from cvelistv5
Published
2020-03-12 20:34
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T20:34:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20586",
"datePublished": "2020-03-12T20:34:08",
"dateReserved": "2018-12-30T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5139 (GCVE-0-2010-5139)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=822.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=822.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitcointalk.org/index.php?topic=822.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=822.0"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5139",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-05-29T00:00:00Z",
"dateUpdated": "2024-09-16T22:35:57.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52922 (GCVE-0-2024-52922)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 16:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "25.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T16:13:41.383411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:15:38.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:17:54.174215",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/11/05/cb-stall-hindering-propagation/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52922",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T16:15:38.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50428 (GCVE-0-2023-50428)
Vulnerability from cvelistv5
Published
2023-12-09 00:00
Modified
2024-08-02 22:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T16:57:05.960073",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
},
{
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50428",
"datePublished": "2023-12-09T00:00:00",
"dateReserved": "2023-12-09T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1910 (GCVE-0-2012-1910)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 23:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=69120.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=69120.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831",
"refsource": "CONFIRM",
"url": "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831"
},
{
"name": "https://bitcointalk.org/index.php?topic=69120.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=69120.0"
},
{
"name": "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html",
"refsource": "CONFIRM",
"url": "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1910",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-03-26T00:00:00Z",
"dateUpdated": "2024-09-16T23:16:22.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3641 (GCVE-0-2015-3641)
Vulnerability from cvelistv5
Published
2020-03-12 20:42
Modified
2024-08-06 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:58.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an \"Easy\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T20:42:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an \"Easy\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3641",
"datePublished": "2020-03-12T20:42:08",
"dateReserved": "2015-05-04T00:00:00",
"dateUpdated": "2024-08-06T05:47:58.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10725 (GCVE-0-2016-10725)
Vulnerability from cvelistv5
Published
2018-07-05 22:00
Modified
2024-08-06 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T18:51:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name": "https://github.com/JinBean/CVE-Extension",
"refsource": "MISC",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"name": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure",
"refsource": "CONFIRM",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10725",
"datePublished": "2018-07-05T22:00:00",
"dateReserved": "2018-06-25T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5137 (GCVE-0-2010-5137)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5137",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-05-29T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:31.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4165 (GCVE-0-2013-4165)
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/issues/2838"
},
{
"name": "[oss-security] 20130725 Re: CVE request: timing leak in bitcoind",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/07/25/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/pull/2845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-01T16:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/issues/2838"
},
{
"name": "[oss-security] 20130725 Re: CVE request: timing leak in bitcoind",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/07/25/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/pull/2845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bitcoin/bitcoin/issues/2838",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/issues/2838"
},
{
"name": "[oss-security] 20130725 Re: CVE request: timing leak in bitcoind",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/07/25/5"
},
{
"name": "https://github.com/bitcoin/bitcoin/pull/2845",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/pull/2845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4165",
"datePublished": "2013-08-01T16:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-16T20:12:33.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5700 (GCVE-0-2013-5700)
Vulnerability from cvelistv5
Published
2013-09-10 10:00
Modified
2024-09-16 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:29.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=287351"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-10T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=287351"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name": "https://bitcointalk.org/index.php?topic=287351",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=287351"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5700",
"datePublished": "2013-09-10T10:00:00Z",
"dateReserved": "2013-09-05T00:00:00Z",
"dateUpdated": "2024-09-16T19:55:45.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55563 (GCVE-0-2024-55563)
Vulnerability from cvelistv5
Published
2024-12-09 00:00
Modified
2025-03-04 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-55563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T21:32:22.105949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T21:33:22.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T00:05:20.736Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org"
},
{
"url": "https://delvingbitcoin.org/t/full-disclosure-transaction-relay-throughput-overflow-attacks-against-off-chain-protocols/1305"
},
{
"url": "https://gnusha.org/pi/bitcoindev/CALZpt+EptER=p+P7VN3QAb9n=dODA9_LnR9xZwWpRsdAwedv=w@mail.gmail.com/T/#u"
},
{
"url": "https://ariard.github.io"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-55563",
"datePublished": "2024-12-09T00:00:00.000Z",
"dateReserved": "2024-12-09T00:00:00.000Z",
"dateUpdated": "2025-03-04T21:33:22.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52914 (GCVE-0-2024-52914)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "0.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:38:09.300402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:38:12.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:19:27.700253",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52914",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:38:12.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12842 (GCVE-0-2017-12842)
Vulnerability from cvelistv5
Published
2020-03-16 19:42
Modified
2024-08-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T19:42:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name": "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/",
"refsource": "MISC",
"url": "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/"
},
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12842",
"datePublished": "2020-03-16T19:42:50",
"dateReserved": "2017-08-14T00:00:00",
"dateUpdated": "2024-08-05T18:51:06.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52915 (GCVE-0-2024-52915)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "0.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:29:02.165226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:29:26.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:19:15.695396",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52915",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:29:26.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4683 (GCVE-0-2012-4683)
Vulnerability from cvelistv5
Published
2012-09-14 23:00
Modified
2024-09-17 03:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "85354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/85354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-14T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "85354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/85354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "85354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/85354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4683",
"datePublished": "2012-09-14T23:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2024-09-17T03:42:56.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1909 (GCVE-0-2012-1909)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/BIP_0030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"
},
{
"name": "[bitcoin-development] 20120228 Duplicate transactions vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com\u0026forum_name=bitcoin-development"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=67738.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://r6.ca/blog/20120206T005236Z.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/BIP_0030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"
},
{
"name": "[bitcoin-development] 20120228 Duplicate transactions vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com\u0026forum_name=bitcoin-development"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=67738.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://r6.ca/blog/20120206T005236Z.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/BIP_0030",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/BIP_0030"
},
{
"name": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531",
"refsource": "CONFIRM",
"url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"
},
{
"name": "[bitcoin-development] 20120228 Duplicate transactions vulnerability",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com\u0026forum_name=bitcoin-development"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=407793",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"
},
{
"name": "https://bitcointalk.org/index.php?topic=67738.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=67738.0"
},
{
"name": "http://r6.ca/blog/20120206T005236Z.html",
"refsource": "MISC",
"url": "http://r6.ca/blog/20120206T005236Z.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1909",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-03-26T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:19.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2273 (GCVE-0-2013-2273)
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2273",
"datePublished": "2013-03-12T10:00:00Z",
"dateReserved": "2013-02-26T00:00:00Z",
"dateUpdated": "2024-09-16T23:40:26.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15947 (GCVE-0-2019-15947)
Vulnerability from cvelistv5
Published
2019-09-05 16:25
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/issues/16824"
},
{
"name": "GLSA-202009-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202009-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user\u0027s wallet.dat file, including their private keys, via a grep \"6231 0500\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T01:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/issues/16824"
},
{
"name": "GLSA-202009-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202009-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user\u0027s wallet.dat file, including their private keys, via a grep \"6231 0500\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b",
"refsource": "MISC",
"url": "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b"
},
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947"
},
{
"name": "https://github.com/bitcoin/bitcoin/issues/16824",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/issues/16824"
},
{
"name": "GLSA-202009-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202009-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15947",
"datePublished": "2019-09-05T16:25:23",
"dateReserved": "2019-09-05T00:00:00",
"dateUpdated": "2024-08-05T01:03:32.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2272 (GCVE-0-2013-2272)
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/?topic=135856"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/?topic=135856"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitcointalk.org/?topic=135856",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/?topic=135856"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2272",
"datePublished": "2013-03-12T10:00:00Z",
"dateReserved": "2013-02-26T00:00:00Z",
"dateUpdated": "2024-09-16T23:05:38.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3789 (GCVE-0-2012-3789)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3789",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2012-06-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:46:45.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4447 (GCVE-0-2011-4447)
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 01:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=51604.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitcointalk.org/index.php?topic=51474.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bitcoin.org/releases/2011/11/21/v0.5.0.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \"encrypt wallet\" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-06T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=51604.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitcointalk.org/index.php?topic=51474.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bitcoin.org/releases/2011/11/21/v0.5.0.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"encrypt wallet\" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitcointalk.org/index.php?topic=51604.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=51604.0"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "https://bitcointalk.org/index.php?topic=51474.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=51474.0"
},
{
"name": "http://bitcoin.org/releases/2011/11/21/v0.5.0.html",
"refsource": "CONFIRM",
"url": "http://bitcoin.org/releases/2011/11/21/v0.5.0.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4447",
"datePublished": "2012-08-06T16:00:00Z",
"dateReserved": "2011-11-14T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:06.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52921 (GCVE-0-2024-52921)
Vulnerability from cvelistv5
Published
2024-11-18 00:00
Modified
2024-11-18 15:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitcoin_core",
"vendor": "bitcoin",
"versions": [
{
"lessThan": "25.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T15:35:13.657960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:35:17.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T03:18:08.337358",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"url": "https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52921",
"datePublished": "2024-11-18T00:00:00",
"dateReserved": "2024-11-18T00:00:00",
"dateUpdated": "2024-11-18T15:35:17.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17145 (GCVE-0-2018-17145)
Vulnerability from cvelistv5
Published
2020-09-10 16:32
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://invdos.net"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T16:32:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://invdos.net"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md",
"refsource": "MISC",
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"name": "https://invdos.net/paper/CVE-2018-17145.pdf",
"refsource": "CONFIRM",
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"name": "https://invdos.net",
"refsource": "CONFIRM",
"url": "https://invdos.net"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17145",
"datePublished": "2020-09-10T16:32:13",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4682 (GCVE-0-2012-4682)
Vulnerability from cvelistv5
Published
2012-09-14 23:00
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "85353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/85353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-14T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "85353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/85353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name": "85353",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/85353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4682",
"datePublished": "2012-09-14T23:00:00Z",
"dateReserved": "2012-08-28T00:00:00Z",
"dateUpdated": "2024-09-17T02:11:40.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20587 (GCVE-0-2018-20587)
Vulnerability from cvelistv5
Published
2019-02-11 12:00
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"name": "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b",
"refsource": "MISC",
"url": "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20587",
"datePublished": "2019-02-11T12:00:00",
"dateReserved": "2018-12-30T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18350 (GCVE-0-2017-18350)
Vulnerability from cvelistv5
Published
2020-03-12 20:13
Modified
2024-08-05 21:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:20:50.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T20:13:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name": "https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5",
"refsource": "MISC",
"url": "https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18350",
"datePublished": "2020-03-12T20:13:32",
"dateReserved": "2018-10-29T00:00:00",
"dateUpdated": "2024-08-05T21:20:50.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.8.0 | |
| bitcoin | bitcoin_core | 0.8.0 | |
| bitcoin | bitcoin_core | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FB8897-6ABE-48D4-A917-571342DF93FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA424B29-2C7E-49FB-AA7B-F27F0489EB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53B8A243-3A29-4E36-9974-6C19D944E9ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en bitcoind y Bitcoin-Qt 0.8.x, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante una gran cantidad de mensajes con datos tx."
}
],
"id": "CVE-2013-4627",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-02T12:10:40.493",
"references": [
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:17
Severity ?
Summary
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63478AA2-EF03-4005-93A1-443733DB2063",
"versionEndExcluding": "25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block."
},
{
"lang": "es",
"value": "En Bitcoin Core anterior a la versi\u00f3n 25.0, un par puede afectar el estado de descarga de otros pares enviando un bloque mutado."
}
],
"id": "CVE-2024-52921",
"lastModified": "2025-04-30T16:17:42.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:05.023",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2025-04-11 00:51
Severity ?
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/BIP_0050 | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/BIP_0050 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | * | |
| bitcoin | bitcoin-qt | 0.4 | |
| bitcoin | bitcoin-qt | 0.4.8 | |
| bitcoin | bitcoin-qt | 0.5.0 | |
| bitcoin | bitcoin-qt | 0.5.0.4 | |
| bitcoin | bitcoin-qt | 0.5.1 | |
| bitcoin | bitcoin-qt | 0.5.3.0 | |
| bitcoin | bitcoin-qt | 0.5.7 | |
| bitcoin | bitcoin-qt | 0.5.8 | |
| bitcoin | bitcoin-qt | 0.6.0.10 | |
| bitcoin | bitcoin-qt | 0.6.3 | |
| bitcoin | bitcoin-qt | 0.7.0 | |
| bitcoin | bitcoin-qt | 0.7.1 | |
| bitcoin | bitcoin-qt | 0.7.2 | |
| bitcoin | bitcoin-qt | 0.7.3 | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.2 | |
| bitcoin | bitcoin_core | 0.4.3 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.5 | |
| bitcoin | bitcoin_core | 0.4.6 | |
| bitcoin | bitcoin_core | 0.4.7 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.3 | |
| bitcoin | bitcoin_core | 0.5.3.1 | |
| bitcoin | bitcoin_core | 0.5.4 | |
| bitcoin | bitcoin_core | 0.5.5 | |
| bitcoin | bitcoin_core | 0.5.6 | |
| bitcoin | bitcoin_core | 0.6.0.1 | |
| bitcoin | bitcoin_core | 0.6.0.2 | |
| bitcoin | bitcoin_core | 0.6.0.3 | |
| bitcoin | bitcoin_core | 0.6.0.4 | |
| bitcoin | bitcoin_core | 0.6.0.5 | |
| bitcoin | bitcoin_core | 0.6.0.6 | |
| bitcoin | bitcoin_core | 0.6.0.7 | |
| bitcoin | bitcoin_core | 0.6.0.8 | |
| bitcoin | bitcoin_core | 0.6.1 | |
| bitcoin | bitcoin_core | 0.6.2 | |
| bitcoin | bitcoind | * | |
| bitcoin | bitcoind | 0.4.4 | |
| bitcoin | bitcoind | 0.5.7 | |
| bitcoin | bitcoind | 0.5.8 | |
| bitcoin | bitcoind | 0.6.0.0 | |
| bitcoin | bitcoind | 0.6.0.10 | |
| bitcoin | bitcoind | 0.6.3 | |
| bitcoin | bitcoind | 0.6.4 | |
| bitcoin | bitcoind | 0.6.5 | |
| bitcoin | bitcoind | 0.7.0 | |
| bitcoin | bitcoind | 0.7.1 | |
| bitcoin | bitcoind | 0.7.2 | |
| bitcoin | bitcoind | 0.7.3 | |
| bitcoin | qitcoin-qt | 0.6.4 | |
| bitcoin | qitcoin-qt | 0.6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "46FD5DD3-6418-4437-95E0-9B0069257421",
"versionEndIncluding": "0.4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "107C630C-68AD-478B-9206-403CCEAE9B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F567F467-E340-4BBA-9D42-DC3445EE09DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "27CD6BDE-3732-4863-B855-A0FD022DD62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20635DAC-54CF-48C4-979A-7E909A985093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0264EBF9-C104-49C5-9F43-E0CCC73154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2233FD0-6F87-4B8B-BDC9-C633F428BA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA08FC-3D57-467B-838B-FDF1E67BF609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8D8F8107-6BB7-4C66-A0EC-58AAF841BE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1DB1A621-F271-4120-A642-CAC3D09232AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D758886-F560-4FF6-88DA-C5EEBAACA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F473942D-1B5B-4348-9896-9828976A3C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A56DE917-D389-4D60-8586-D4F1DEB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32A19BEA-853D-4727-B456-FCBAFF36CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E741E2B4-6CEE-4C5A-9950-CA8F5A6610DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E74F91-82C2-435C-BB20-3FF25E431B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB8A5B-52A4-4D67-8472-46399998C4E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "148CF2B0-2C70-47B9-9547-382AE458DCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AF597D-8BBD-44FE-B0C9-8B03B0350F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4381211-305A-4FAD-BD0F-56513F153958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D079E05-C980-4257-9B39-D0750BF318D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3013254-B002-4F67-B6A0-747F9F82250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27283E3F-E88A-45ED-8BFA-C9C6A09EA642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B99F940E-EF59-4150-B980-0C70DC5995DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5744C1-16A1-4617-B3D0-90305DD0C145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B323C69A-C343-4FF3-BA70-2449A9083907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA3817C-4DC0-4867-8DD9-7B912602C80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD1B466-3E8D-4179-8AEE-07E51B04D396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EF7AA2D5-4829-4295-8C77-C772665C77E9",
"versionEndIncluding": "0.4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.4.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CC730AD6-2B5B-47A2-881E-B543ABD77AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0430A512-206A-4143-AC5F-C3E0AF19AD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.5.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "79ECD758-D902-4AD0-8752-AF7F1EDD0F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D29BF4F1-A79D-4AED-8D1A-59C58093F621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4D76A-A84C-49F5-BDED-F64BB4C49972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3E64AEBF-988A-476E-9275-8B42C66F7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F43E2D53-0126-44D2-A294-3F40E54493CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D062707E-A0FC-4A89-A59B-D68EFAFA8683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9979189E-737C-48F1-BBB3-2E878EC4D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B586D352-78D7-43D3-91A9-3803E69CA63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:qitcoin-qt:0.6.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9BC7C187-CD39-4792-AFC6-41E270C0D228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:qitcoin-qt:0.6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51F6C875-C053-4E86-81D4-630135E8BACA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block\u0027s size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking."
},
{
"lang": "es",
"value": "bitcoind y Bitcoin-Qt anterior a 0.4.9rc2, 0.5.x anterior a 0.5.8rc2, 0.6.x anterior a 0.6.5rc2, y 0.7.x anterior a 0.7.3rc2, y wxBitcoin, no consideran adecuadamente si un tama\u00f1o de bloque podr\u00eda necesitar un n\u00famero elevado de cierres en las base de datos, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (divisi\u00f3n) y activar capacidades de \"double-spending\" a trav\u00e9s de un gran bloque que provoca un cierre incorrecto de Berkeley DB."
}
],
"id": "CVE-2013-3220",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-02T12:10:40.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html | ||
| cve@mitre.org | https://bitcointalk.org/index.php?topic=69120.0 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | ||
| cve@mitre.org | https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=69120.0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831 | Exploit, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | 0.5.0 | |
| bitcoin | bitcoin-qt | 0.5.0.4 | |
| bitcoin | bitcoin-qt | 0.5.1 | |
| bitcoin | bitcoin-qt | 0.5.3.0 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.1 | |
| bitcoin | bitcoin_core | 0.5.2 | |
| bitcoin | bitcoin_core | 0.6.0 | |
| bitcoin | bitcoin_core | 0.6.0 | |
| bitcoin | bitcoin_core | 0.6.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "27CD6BDE-3732-4863-B855-A0FD022DD62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20635DAC-54CF-48C4-979A-7E909A985093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0264EBF9-C104-49C5-9F43-E0CCC73154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2233FD0-6F87-4B8B-BDC9-C633F428BA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B27520D-C703-4A15-8C8E-A6250C468ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4715C1-22BF-495B-BA99-B4D7D64B5BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E79FF3-C56B-4A19-8AE3-4DDA64AC7BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE5CA7E-C9F2-47ED-9F89-32AC8D664824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A292912B-A5F1-4F90-81E6-0A3CA69166D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7F27334D-1CD6-4002-A5E4-9DA9F21E6FF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages."
},
{
"lang": "es",
"value": "Bitcoin-Qt 0.5.0.x anterior a 0.5.0.5; 0.5.1.x, 0.5.2.x, y 0.5.3.x anterior a 0.5.3.1; y 0.6.x anterior a 0.6.0rc4 sobre Windows no utiliza ning\u00fan manejador de excepciones MinGW multithread-safe, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n arbitrario de c\u00f3digo a trav\u00e9s de mensajes del protocolo de Bitcoin."
}
],
"id": "CVE-2012-1910",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:01.773",
"references": [
{
"source": "cve@mitre.org",
"url": "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html"
},
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/index.php?topic=69120.0"
},
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/index.php?topic=69120.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:16
Severity ?
Summary
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F6DAE0-E03C-4EEF-A354-6FB5A9F97FD8",
"versionEndExcluding": "22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device."
},
{
"lang": "es",
"value": "Bitcoin Core anterior a 22.0 tiene un bucle infinito miniupnp en el que asigna memoria en funci\u00f3n de datos aleatorios recibidos a trav\u00e9s de la red, por ejemplo, grandes respuestas M-SEARCH de un dispositivo UPnP falso."
}
],
"id": "CVE-2024-52917",
"lastModified": "2025-04-30T16:16:39.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | wxbitcoin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55AA4A6A-8435-4AB6-B0ED-67FBE5BD8DFE",
"versionEndIncluding": "0.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC0E465-8C7C-40F9-BFB9-77BA8B36D479",
"versionEndIncluding": "0.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors."
},
{
"lang": "es",
"value": "wxBitcoin y bitcoind anteriores a v0.3.5 no manejan correctamente los c\u00f3digos de operaci\u00f3n de secuencias de comandos en las transacciones Bitcoin, que permite a atacantes remotos gastar dinero Bitcoin que pertenece a otros usuarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-5141",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:01.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-14 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt permite atacantes provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos, es una vulnerabilidad distinta a CVE-2012-4682."
}
],
"id": "CVE-2012-4683",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-14T23:55:15.183",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/85354"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/85354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:18
Severity ?
Summary
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/11/05/cb-stall-hindering-propagation/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0617BBA-F687-4991-9D01-C21BA6BE9811",
"versionEndExcluding": "25.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification."
},
{
"lang": "es",
"value": "En Bitcoin Core anterior a la versi\u00f3n 25.1, un atacante puede provocar que un nodo no descargue el \u00faltimo bloque, porque puede haber minutos de retraso cuando un nodo que lo anuncia se detiene en lugar de cumplir con la especificaci\u00f3n del protocolo peer-to-peer."
}
],
"id": "CVE-2024-52922",
"lastModified": "2025-04-30T16:18:21.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:05.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/11/05/cb-stall-hindering-propagation/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://r6.ca/blog/20120206T005236Z.html | ||
| cve@mitre.org | http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development | ||
| cve@mitre.org | https://bitcointalk.org/index.php?topic=67738.0 | ||
| cve@mitre.org | https://bugs.gentoo.org/show_bug.cgi?id=407793 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/BIP_0030 | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| cve@mitre.org | https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://r6.ca/blog/20120206T005236Z.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=67738.0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=407793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/BIP_0030 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531 | Exploit, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | wxbitcoin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "85185B12-FD03-43E7-85D0-3BF8299A3340",
"versionEndIncluding": "0.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68AA5321-2756-4741-9437-6D8904A677E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction."
},
{
"lang": "es",
"value": "El protocolo Bitcoin, como se usa en bitcoind anterior a v0.4.4, wxBitcoin, Bitcoin Qt, y otros programas, no maneja adecuadamente las transacciones m\u00faltiples con el mismo identificador, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (transacci\u00f3n unspendable) mediante el aprovechamiento de la capacidad de crear una transacci\u00f3n coinbase duplicado."
}
],
"id": "CVE-2012-1909",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:01.400",
"references": [
{
"source": "cve@mitre.org",
"url": "http://r6.ca/blog/20120206T005236Z.html"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com\u0026forum_name=bitcoin-development"
},
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/index.php?topic=67738.0"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/BIP_0030"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://r6.ca/blog/20120206T005236Z.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com\u0026forum_name=bitcoin-development"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/index.php?topic=67738.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=407793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/BIP_0030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:16
Severity ?
Summary
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/03/disclose-header-spam/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "506098D4-9B8F-41F4-9BBA-72A716B64151",
"versionEndExcluding": "0.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers."
},
{
"lang": "es",
"value": "Bitcoin Core anterior a 0.15.0 permite una denegaci\u00f3n de servicio (eliminaci\u00f3n OOM de un proceso daemon) a trav\u00e9s de una inundaci\u00f3n de encabezados de dificultad m\u00ednima."
}
],
"id": "CVE-2024-52916",
"lastModified": "2025-04-30T16:16:30.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/03/disclose-header-spam/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:15
Severity ?
Summary
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "363F2960-E97D-4E16-9B24-1D66486C5C93",
"versionEndExcluding": "0.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled."
},
{
"lang": "es",
"value": "En Bitcoin Core anterior a la versi\u00f3n 0.21.0, un atacante pod\u00eda impedir que un nodo viera una transacci\u00f3n espec\u00edfica no confirmada, porque las nuevas solicitudes de transacciones se gestionaban incorrectamente."
}
],
"id": "CVE-2024-52913",
"lastModified": "2025-04-30T16:15:34.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-16 20:15
Modified
2024-11-21 03:10
Severity ?
Summary
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ | Third Party Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| cve@mitre.org | https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF2E80C-6192-4654-A3A6-2177A57E1D45",
"versionEndExcluding": "0.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount."
},
{
"lang": "es",
"value": "Bitcoin Core versiones anteriores a 0.14, permite a un atacante crear una prueba SPV ostensiblemente v\u00e1lida para un pago a una v\u00edctima que utiliza una billetera SPV, incluso si ese pago no es realizado realmente. Completar el ataque costar\u00eda m\u00e1s de un mill\u00f3n de d\u00f3lares, y es relevante principalmente solo en situaciones donde un sistema aut\u00f3nomo se basa \u00fanicamente en una prueba SPV para transacciones de un monto mayor en d\u00f3lares."
}
],
"id": "CVE-2017-12842",
"lastModified": "2024-11-21T03:10:17.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-16T20:15:12.423",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:18
Severity ?
Summary
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E84B8A02-6D03-4809-87E0-AD87BE4422A4",
"versionEndExcluding": "0.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message."
},
{
"lang": "es",
"value": "Bitcoin Core anterior a 0.20.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de un mensaje GETDATA malformado."
}
],
"id": "CVE-2024-52920",
"lastModified": "2025-04-30T16:18:12.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcointalk.org/index.php?topic=822.0 | Exploit | |
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=822.0 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | wxbitcoin | * | |
| bitcoin | wxbitcoin | 0.3.4 | |
| bitcoin | wxbitcoin | 0.3.5 | |
| bitcoin | wxbitcoin | 0.3.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E1D315-94D2-4FFB-A494-0E19760F11A5",
"versionEndIncluding": "0.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEB411E-F3C9-4F2D-9166-237A1D542089",
"versionEndIncluding": "0.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "112B0DB9-99BC-42A7-9991-92E73462701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75F6B20E-2957-4CCE-B9A4-692A4342BC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C5F2E-EFD7-4F92-BD58-91F9AFB0B15E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction."
},
{
"lang": "es",
"value": "Desbordamiento de entero en wxBitcoin y bitcoind anteriores a v0.3.11 que permite a atacantes remotos eludir las restricciones econ\u00f3micas impuestas y crear un gran n\u00famero de Bitcoins a trav\u00e9s de una transacci\u00f3n Bitcoin modificada."
}
],
"id": "CVE-2010-5139",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:01.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bitcointalk.org/index.php?topic=822.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bitcointalk.org/index.php?topic=822.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | wxbitcoin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55AA4A6A-8435-4AB6-B0ED-67FBE5BD8DFE",
"versionEndIncluding": "0.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC0E465-8C7C-40F9-BFB9-77BA8B36D479",
"versionEndIncluding": "0.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode."
},
{
"lang": "es",
"value": "wxBitcoin y bitcoind anteriores a v0.3.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una transacci\u00f3n Bitcoin que contiene un c\u00f3digo de operaci\u00f3n secuencia de comandos OP_LSHIFT."
}
],
"id": "CVE-2010-5137",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:00.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-14 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt permite a atacantes causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente de CVE-2012-4683."
}
],
"id": "CVE-2012-4682",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-14T23:55:15.137",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/85353"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/85353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2025-04-11 00:51
Severity ?
Summary
The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcointalk.org/index.php?topic=148109.0 | ||
| cve@mitre.org | https://bitcointalk.org/index.php?topic=8392.0 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVE-2012-4684 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=148109.0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=8392.0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVE-2012-4684 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | 0.6.3 | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.2 | |
| bitcoin | bitcoin_core | 0.4.3 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.5 | |
| bitcoin | bitcoin_core | 0.4.6 | |
| bitcoin | bitcoin_core | 0.4.7 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.3 | |
| bitcoin | bitcoin_core | 0.5.3.1 | |
| bitcoin | bitcoin_core | 0.5.4 | |
| bitcoin | bitcoin_core | 0.5.5 | |
| bitcoin | bitcoin_core | 0.5.6 | |
| bitcoin | bitcoin_core | 0.6.0.1 | |
| bitcoin | bitcoin_core | 0.6.0.2 | |
| bitcoin | bitcoin_core | 0.6.0.3 | |
| bitcoin | bitcoin_core | 0.6.0.4 | |
| bitcoin | bitcoin_core | 0.6.0.5 | |
| bitcoin | bitcoin_core | 0.6.0.6 | |
| bitcoin | bitcoin_core | 0.6.0.7 | |
| bitcoin | bitcoin_core | 0.6.0.8 | |
| bitcoin | bitcoin_core | 0.6.1 | |
| bitcoin | bitcoin_core | 0.6.2 | |
| bitcoin | bitcoind | 0.6.3 | |
| bitcoin | wxbitcoin | 0.3.4 | |
| bitcoin | wxbitcoin | 0.3.5 | |
| bitcoin | wxbitcoin | 0.3.8 | |
| bitcoin | wxbitcoin | 0.3.10 | |
| bitcoin | wxbitcoin | 0.3.11 | |
| bitcoin | wxbitcoin | 0.4.0 | |
| bitcoin | wxbitcoin | 0.4.1 | |
| bitcoin | wxbitcoin | 0.4.1 | |
| bitcoin | wxbitcoin | 0.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D758886-F560-4FF6-88DA-C5EEBAACA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E74F91-82C2-435C-BB20-3FF25E431B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB8A5B-52A4-4D67-8472-46399998C4E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "148CF2B0-2C70-47B9-9547-382AE458DCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AF597D-8BBD-44FE-B0C9-8B03B0350F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4381211-305A-4FAD-BD0F-56513F153958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D079E05-C980-4257-9B39-D0750BF318D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3013254-B002-4F67-B6A0-747F9F82250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27283E3F-E88A-45ED-8BFA-C9C6A09EA642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B99F940E-EF59-4150-B980-0C70DC5995DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5744C1-16A1-4617-B3D0-90305DD0C145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B323C69A-C343-4FF3-BA70-2449A9083907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA3817C-4DC0-4867-8DD9-7B912602C80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD1B466-3E8D-4179-8AEE-07E51B04D396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4D76A-A84C-49F5-BDED-F64BB4C49972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "112B0DB9-99BC-42A7-9991-92E73462701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75F6B20E-2957-4CCE-B9A4-692A4342BC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C5F2E-EFD7-4F92-BD58-91F9AFB0B15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5665049D-5326-496F-82B9-FD65808F934B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDD2B05-34F6-4C5F-9443-FE67F9B86113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82B766B4-C3FD-42D8-9F7D-767B9C0C20F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7403B4E-912F-40F0-978C-C7D59AC92CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "87FCC078-AAF9-4FB4-B46E-EEE5D8488B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C6A8CB89-F0A1-4E97-A053-CACC378BD8C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert."
},
{
"lang": "es",
"value": "La funcionalidad Alert en bitcoind y Bitcoin-Qt anterior a v0.7.0 soporta diferentes representaciones de caract\u00e9res de la misma firma de datos, pero depende del hash de esta firma, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de una firma v\u00e1lida modificada para una alerta circulante."
}
],
"id": "CVE-2012-4684",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-12T11:28:18.313",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/index.php?topic=148109.0"
},
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/index.php?topic=8392.0"
},
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/CVE-2012-4684"
},
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/index.php?topic=148109.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/index.php?topic=8392.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/CVE-2012-4684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-05 17:15
Modified
2024-11-21 04:29
Severity ?
Summary
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 | Not Applicable | |
| cve@mitre.org | https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b | Third Party Advisory | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/issues/16824 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/issues/16824 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.18.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0FD6643-BDF8-4B9E-B3FF-27C69C6EA20A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user\u0027s wallet.dat file, including their private keys, via a grep \"6231 0500\" command."
},
{
"lang": "es",
"value": "En Bitcoin Core versi\u00f3n 0.18.0, bitcoin-qt almacena los datos de wallet.dat sin cifrar en la memoria. Ante un bloqueo, puede volcar un archivo core. Si un usuario gestiona de manera incorrecta un archivo core, un atacante puede reconstruir el archivo wallet.dat del usuario, incluidas sus claves privadas, mediante un comando grep \"6231 0500\"."
}
],
"id": "CVE-2019-15947",
"lastModified": "2024-11-21T04:29:47.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-05T17:15:12.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/issues/16824"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/issues/16824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-18"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-05 22:29
Modified
2024-11-21 02:44
Severity ?
Summary
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| cve@mitre.org | https://github.com/JinBean/CVE-Extension | ||
| cve@mitre.org | https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/JinBean/CVE-Extension | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin-qt | * | |
| bitcoin | bitcoind | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55186E2-552A-4CFB-9E1D-016E62AD44FB",
"versionEndExcluding": "0.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B37C74F-E3A1-4FE4-8731-263D83D404DE",
"versionEndExcluding": "0.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD637BBB-45AB-4DC3-A048-DCBD894CE390",
"versionEndExcluding": "0.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
},
{
"lang": "es",
"value": "En Bitcoin Core en versiones anteriores a la v0.13.0, una alerta no final puede bloquear la \"alerta final\" especial (que se supone que debe anteponerse a todas las otras alertas) debido a que las operaciones ocurren en el orden incorrecto. Este comportamiento ocurren en el sistema de alertas de red remoto (obsoleto desde el primer trimestre de 2016). Esto afecta a otros usos del c\u00f3digo base, como Bitcoin Knots en versiones anteriores a la v0.13.0.knots20160814 y otros altcoins."
}
],
"id": "CVE-2016-10725",
"lastModified": "2024-11-21T02:44:36.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-05T22:29:00.327",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-19 08:29
Modified
2024-11-21 03:53
Severity ?
Summary
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2018/09/18/release-0.16.3/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144 | Third Party Advisory | |
| cve@mitre.org | https://github.com/JinBean/CVE-Extension | Third Party Advisory | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcoincore.org/en/2018/09/18/release-0.16.3/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/JinBean/CVE-Extension | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B631450-47D0-4BE4-8A80-CBAC0ED15B79",
"versionEndExcluding": "0.14.3",
"versionStartIncluding": "0.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7644C16B-2B66-4A66-BAB3-923D7BB1A9A3",
"versionEndExcluding": "0.15.2",
"versionStartIncluding": "0.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5F1D9C-B758-4A43-B59E-D9E436804EC0",
"versionEndExcluding": "0.16.3",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB243061-9C18-44FD-ABAD-0759DCFC2E42",
"versionEndExcluding": "0.16.3",
"versionStartIncluding": "0.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash."
},
{
"lang": "es",
"value": "Bitcoin Core en versiones 0.14.x anteriores a la 0.14.3, 0.15.x anteriores a la 0.15.2 y 0.16.x anteriores a la 0.16.3 y Bitcoin Knots desde las versiones 0.14.x hasta las 0.16.x anteriores a la 0.16.3 permiten una denegaci\u00f3n remota de servicio (cierre inesperado de la aplicaci\u00f3n) explotable por mineros mediante entradas duplicadas. Un atacante puede provocar el cierre inesperado de bitcoind o de Bitcoin-Qt."
}
],
"id": "CVE-2018-17144",
"lastModified": "2024-11-21T03:53:57.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T08:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2018/09/18/release-0.16.3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:15
Severity ?
Summary
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C7B785-5233-4B82-AE46-6A3429F6217C",
"versionEndExcluding": "0.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction."
},
{
"lang": "es",
"value": "En Bitcoin Core anterior a la versi\u00f3n 0.18.0, un nodo pod\u00eda quedar bloqueado durante horas al procesar los hu\u00e9rfanos de una transacci\u00f3n no confirmada creada."
}
],
"id": "CVE-2024-52914",
"lastModified": "2025-04-30T16:15:51.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-12 21:15
Modified
2024-11-21 03:19
Severity ?
Summary
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| cve@mitre.org | https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ED1826-FB8C-42AD-9D4C-A62FBDC99D62",
"versionEndExcluding": "0.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name."
},
{
"lang": "es",
"value": "bitcoind y Bitcoin-Qt versiones anteriores a 0.15.1, presentan un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria si es usado un servidor proxy SOCKS controlado por el atacante. Esto resulta de un error de la propiedad signedness de enteros cuando el servidor proxy responde con el reconocimiento de un nombre de dominio de destino inesperado."
}
],
"id": "CVE-2017-18350",
"lastModified": "2024-11-21T03:19:54.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-12T21:15:12.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | wxbitcoin | 0.3.4 | |
| bitcoin | wxbitcoin | 0.3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "112B0DB9-99BC-42A7-9991-92E73462701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75F6B20E-2957-4CCE-B9A4-692A4342BC67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
},
{
"lang": "es",
"value": "wxBitcoin y bitcoind v0.3.x permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de electricidad) a trav\u00e9s de una transacci\u00f3n Bitcoin que contiene m\u00faltiples c\u00f3digos de operaci\u00f3n OP_CHECKSIG."
}
],
"id": "CVE-2010-5138",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:01.023",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.2 | |
| bitcoin | bitcoin_core | 0.4.3 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.5 | |
| bitcoin | bitcoin_core | 0.4.6 | |
| bitcoin | bitcoin_core | 0.4.7 | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.1 | |
| bitcoin | bitcoin_core | 0.5.3 | |
| bitcoin | bitcoin_core | 0.5.3.1 | |
| bitcoin | bitcoin_core | 0.5.4 | |
| bitcoin | bitcoin_core | 0.5.5 | |
| bitcoin | bitcoin_core | 0.5.6 | |
| bitcoin | bitcoin_core | 0.6.0.1 | |
| bitcoin | bitcoin_core | 0.6.0.2 | |
| bitcoin | bitcoin_core | 0.6.0.3 | |
| bitcoin | bitcoin_core | 0.6.0.4 | |
| bitcoin | bitcoin_core | 0.6.0.5 | |
| bitcoin | bitcoin_core | 0.6.0.6 | |
| bitcoin | bitcoin_core | 0.6.0.7 | |
| bitcoin | bitcoin_core | 0.6.0.8 | |
| bitcoin | bitcoin_core | 0.6.0 | |
| bitcoin | bitcoin_core | 0.6.0 | |
| bitcoin | bitcoin_core | 0.6.1 | |
| bitcoin | bitcoin_core | 0.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E74F91-82C2-435C-BB20-3FF25E431B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB8A5B-52A4-4D67-8472-46399998C4E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "148CF2B0-2C70-47B9-9547-382AE458DCFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EC931DAC-BDB5-4F55-BFF3-519F9B6C63FF",
"versionEndIncluding": "0.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4715C1-22BF-495B-BA99-B4D7D64B5BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AF597D-8BBD-44FE-B0C9-8B03B0350F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4381211-305A-4FAD-BD0F-56513F153958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D079E05-C980-4257-9B39-D0750BF318D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3013254-B002-4F67-B6A0-747F9F82250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27283E3F-E88A-45ED-8BFA-C9C6A09EA642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B99F940E-EF59-4150-B980-0C70DC5995DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5744C1-16A1-4617-B3D0-90305DD0C145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B323C69A-C343-4FF3-BA70-2449A9083907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A292912B-A5F1-4F90-81E6-0A3CA69166D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7F27334D-1CD6-4002-A5E4-9DA9F21E6FF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA3817C-4DC0-4867-8DD9-7B912602C80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD1B466-3E8D-4179-8AEE-07E51B04D396",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt anterior a v0.4.7rc3, v0.5.x anterior a v0.5.6rc3, v0.6.0.x anterior a v0.6.0.9rc1, y v0.6.x anterior a v0.6.3rc1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (proceso de bloqueo) a trav\u00e9s de un comportamiento desconocido en una red Bitcoin."
}
],
"id": "CVE-2012-3789",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:05.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-07 00:15
Modified
2024-11-21 08:11
Severity ?
Summary
Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoin.org/en/bitcoin-core/ | Product | |
| cve@mitre.org | https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=oEl4M1oZim0 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcoin.org/en/bitcoin-core/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=oEl4M1oZim0 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 22.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48C9311E-0E15-4879-81C2-38F2A2338F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app\u0027s memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing."
},
{
"lang": "es",
"value": "Los problemas de gesti\u00f3n de memoria y protecci\u00f3n en Bitcoin Core v22 permiten a los atacantes modificar la direcci\u00f3n de env\u00edo almacenada en la memoria de la aplicaci\u00f3n, lo que potencialmente les permite redirigir las transacciones de Bitcoin a los monederos de su elecci\u00f3n. "
}
],
"id": "CVE-2023-37192",
"lastModified": "2024-11-21T08:11:09.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-07T00:15:10.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://bitcoin.org/en/bitcoin-core/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=oEl4M1oZim0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://bitcoin.org/en/bitcoin-core/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=oEl4M1oZim0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2025-04-11 00:51
Severity ?
Summary
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://openwall.com/lists/oss-security/2013/07/25/5 | ||
| secalert@redhat.com | https://github.com/bitcoin/bitcoin/issues/2838 | ||
| secalert@redhat.com | https://github.com/bitcoin/bitcoin/pull/2845 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2013/07/25/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/issues/2838 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/pull/2845 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53B8A243-3A29-4E36-9974-6C19D944E9ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack."
},
{
"lang": "es",
"value": "La funci\u00f3n HTTPAuthorized en bitcoinrpc.cpp en bitcoind 0.8.1, ofrece informaci\u00f3n acerca del fallo de autenticaci\u00f3n incluso detectando el primer byte incorrecto de la contrase\u00f1a, lo que facilita a atacantes remotos el determinar las contrase\u00f1as mediante un ataque del tipo \"timing side-channel\"."
}
],
"id": "CVE-2013-4165",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-02T12:10:40.487",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/07/25/5"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/bitcoin/bitcoin/issues/2838"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/bitcoin/bitcoin/pull/2845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/07/25/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bitcoin/bitcoin/issues/2838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bitcoin/bitcoin/pull/2845"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2025-04-11 00:51
Severity ?
Summary
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/BIP_0050 | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/BIP_0050 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.8.0 | |
| bitcoin | bitcoin_core | 0.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FB8897-6ABE-48D4-A917-571342DF93FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA424B29-2C7E-49FB-AA7B-F27F0489EB63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions."
},
{
"lang": "es",
"value": "bitcoind y Bitcoin-Qt 0.8.x anterior a 0.8.1, no refuerza un regla de bloqueo determinada, lo que permite a atacantes remotos evitar las restricciones de acceso y llevar a cabo ataques de \"double-spending\" a trav\u00e9s de un gran bloque que provoca un cierre incorrecto de Berkeley DB en versiones antiguas del software."
}
],
"id": "CVE-2013-3219",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-02T12:10:40.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/BIP_0050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:14
Severity ?
Summary
Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "363F2960-E97D-4E16-9B24-1D66486C5C93",
"versionEndExcluding": "0.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug."
},
{
"lang": "es",
"value": "Bitcoin Core anterior a 0.21.0 permite una divisi\u00f3n de red que es resultado de un desbordamiento de enteros (calcular el desfase horario para los nuevos pares que se conectan) y un error de l\u00f3gica abs64."
}
],
"id": "CVE-2024-52912",
"lastModified": "2025-04-30T16:14:24.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2025-04-11 00:51
Severity ?
Summary
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | * | |
| bitcoin | bitcoin-qt | 0.4 | |
| bitcoin | bitcoin-qt | 0.5.0 | |
| bitcoin | bitcoin-qt | 0.5.0.4 | |
| bitcoin | bitcoin-qt | 0.5.1 | |
| bitcoin | bitcoin-qt | 0.5.3.0 | |
| bitcoin | bitcoin-qt | 0.5.7 | |
| bitcoin | bitcoin-qt | 0.6.0.10 | |
| bitcoin | bitcoin-qt | 0.6.3 | |
| bitcoin | bitcoin-qt | 0.7.0 | |
| bitcoin | bitcoin-qt | 0.7.1 | |
| bitcoin | bitcoin-qt | 0.7.2 | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.2 | |
| bitcoin | bitcoin_core | 0.4.3 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.5 | |
| bitcoin | bitcoin_core | 0.4.6 | |
| bitcoin | bitcoin_core | 0.4.7 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.3 | |
| bitcoin | bitcoin_core | 0.5.3.1 | |
| bitcoin | bitcoin_core | 0.5.4 | |
| bitcoin | bitcoin_core | 0.5.5 | |
| bitcoin | bitcoin_core | 0.5.6 | |
| bitcoin | bitcoin_core | 0.6.0.1 | |
| bitcoin | bitcoin_core | 0.6.0.2 | |
| bitcoin | bitcoin_core | 0.6.0.3 | |
| bitcoin | bitcoin_core | 0.6.0.4 | |
| bitcoin | bitcoin_core | 0.6.0.5 | |
| bitcoin | bitcoin_core | 0.6.0.6 | |
| bitcoin | bitcoin_core | 0.6.0.7 | |
| bitcoin | bitcoin_core | 0.6.0.8 | |
| bitcoin | bitcoin_core | 0.6.1 | |
| bitcoin | bitcoin_core | 0.6.2 | |
| bitcoin | bitcoind | * | |
| bitcoin | bitcoind | 0.5.7 | |
| bitcoin | bitcoind | 0.6.0.0 | |
| bitcoin | bitcoind | 0.6.0.10 | |
| bitcoin | bitcoind | 0.6.3 | |
| bitcoin | bitcoind | 0.6.4 | |
| bitcoin | bitcoind | 0.7.0 | |
| bitcoin | bitcoind | 0.7.1 | |
| bitcoin | bitcoind | 0.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E080E161-2DAC-4C34-8398-DDD146506DB8",
"versionEndIncluding": "0.4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "107C630C-68AD-478B-9206-403CCEAE9B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "27CD6BDE-3732-4863-B855-A0FD022DD62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20635DAC-54CF-48C4-979A-7E909A985093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0264EBF9-C104-49C5-9F43-E0CCC73154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2233FD0-6F87-4B8B-BDC9-C633F428BA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA08FC-3D57-467B-838B-FDF1E67BF609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1DB1A621-F271-4120-A642-CAC3D09232AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D758886-F560-4FF6-88DA-C5EEBAACA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F473942D-1B5B-4348-9896-9828976A3C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A56DE917-D389-4D60-8586-D4F1DEB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32A19BEA-853D-4727-B456-FCBAFF36CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E74F91-82C2-435C-BB20-3FF25E431B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB8A5B-52A4-4D67-8472-46399998C4E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "148CF2B0-2C70-47B9-9547-382AE458DCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AF597D-8BBD-44FE-B0C9-8B03B0350F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4381211-305A-4FAD-BD0F-56513F153958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D079E05-C980-4257-9B39-D0750BF318D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3013254-B002-4F67-B6A0-747F9F82250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27283E3F-E88A-45ED-8BFA-C9C6A09EA642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B99F940E-EF59-4150-B980-0C70DC5995DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5744C1-16A1-4617-B3D0-90305DD0C145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B323C69A-C343-4FF3-BA70-2449A9083907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA3817C-4DC0-4867-8DD9-7B912602C80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD1B466-3E8D-4179-8AEE-07E51B04D396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F0EC3A7C-D203-459E-8F03-3E0E859CB7FE",
"versionEndIncluding": "0.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0430A512-206A-4143-AC5F-C3E0AF19AD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D29BF4F1-A79D-4AED-8D1A-59C58093F621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4D76A-A84C-49F5-BDED-F64BB4C49972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3E64AEBF-988A-476E-9275-8B42C66F7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D062707E-A0FC-4A89-A59B-D68EFAFA8683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9979189E-737C-48F1-BBB3-2E878EC4D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees."
},
{
"lang": "es",
"value": "El mecanismo de protecci\u00f3n \"penny-flooding\" en el m\u00e9todo CTxMemPool::accept en bitcoind and Bitcoin-Qt before v0.4.9rc1, v0.5.x anterior a v0.5.8rc1, v0.6.0 anterior a v0.6.0.11rc1, v0.6.1 hasta v0.6.5 anterior a v0.6.5rc1, y v0.7.x anterior a v0.7.3rc1 permite a atacantes remotos determinar asociaciones entre \"wallet addresses\" y direcciones IP mediante una serie de transacciones Bitcoin con insuficientes tasas."
}
],
"id": "CVE-2013-2272",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-12T11:28:18.337",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/?topic=135856"
},
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/?topic=135856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-10 17:15
Modified
2024-11-21 03:53
Severity ?
Summary
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 | Vendor Advisory | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://invdos.net | Third Party Advisory | |
| cve@mitre.org | https://invdos.net/paper/CVE-2018-17145.pdf | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://invdos.net | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://invdos.net/paper/CVE-2018-17145.pdf | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bcoin | bcoin | * | |
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * | |
| btcd_project | btcd | 0.3.0 | |
| btcd_project | btcd | 0.3.1 | |
| btcd_project | btcd | 0.3.2 | |
| btcd_project | btcd | 0.3.3 | |
| btcd_project | btcd | 0.4.0 | |
| btcd_project | btcd | 0.5.0 | |
| btcd_project | btcd | 0.6.0 | |
| btcd_project | btcd | 0.7.0 | |
| btcd_project | btcd | 0.8.0 | |
| btcd_project | btcd | 0.9.0 | |
| btcd_project | btcd | 0.10.0 | |
| btcd_project | btcd | 0.11.0 | |
| btcd_project | btcd | 0.11.1 | |
| btcd_project | btcd | 0.12.0 | |
| btcd_project | btcd | 0.13.0 | |
| btcd_project | btcd | 0.13.0 | |
| btcd_project | btcd | 0.20.0 | |
| btcd_project | btcd | 0.20.1 | |
| decred | dcrd | * | |
| litecoin | litecoin | * | |
| namecoin | namecoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bcoin:bcoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D47D52B-8C16-4A9C-ADFC-92B0C8C4C7E2",
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54E8DE3C-5E58-4BAB-8C28-EC7CF9749B0B",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD003E0-D891-4340-9818-7231219F72B0",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F24D4ED2-623F-44E4-9BE7-E8F4004A26B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "DFA56887-43B2-4831-883C-D4E9C3B2AD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "8701A58C-A87A-42DD-B841-960246BE486A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.3.3:alpha:*:*:*:*:*:*",
"matchCriteriaId": "6B066ACB-83C2-4678-AFAA-0C1A9AA592E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "C036F3F2-A5ED-47BA-B98C-08788C8E390B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.5.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "CB365F56-5FD5-4C2C-9E37-0352A981C427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.6.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F02ECCBD-18C8-4CF9-9611-55454506EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.7.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "81BA7357-679A-4950-A38F-56E4423339FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.8.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "117660E8-0A79-4558-88C6-00B96C896967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.9.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "82BC5866-F639-47E1-A083-F383A9E40E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CB7F92D5-42D4-4EFD-929A-15ADC79A79CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.11.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "E386CD33-130A-4064-8112-4B492E7A437F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.11.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4F0976B7-1D89-41A3-AA8C-035A0646B3FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.12.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "6FFE3B5E-B0FD-469E-AFB6-E5E77964ED4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.13.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "5D6EBD54-5A03-4022-BE66-D3F380CAFADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "08F558B9-DAD3-47B0-A56B-F574CAC36CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.20.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "00C62A96-3EBC-4FA4-8BF1-718F5E6B3A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:btcd_project:btcd:0.20.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "029A3CB7-0076-4908-9EA7-127F549739A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:decred:dcrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257D3613-4A8C-4C78-A219-85793EE29132",
"versionEndExcluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:litecoin:litecoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "265C6B30-51DA-45FD-9637-7BA9DFDD27AB",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:namecoin:namecoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30BE44E8-2ADB-4F7B-855E-9539AD459278",
"versionEndExcluding": "0.16.2",
"versionStartIncluding": "0.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15."
},
{
"lang": "es",
"value": "Bitcoin Core versiones 0.16.x anteriores a 0.16.2 y Bitcoin Knots versiones 0.16.x anteriores a 0.16.2, permite la denegaci\u00f3n de servicio remota por medio de una avalancha de mensajes inv de transacciones m\u00faltiples con hashes aleatorios, tambi\u00e9n se conoce como INVDoS. NOTA: esto tambi\u00e9n puede afectar a otras criptomonedas, por ejemplo, si se bifurcaron desde Bitcoin Core despu\u00e9s del 15/11/2017"
}
],
"id": "CVE-2018-17145",
"lastModified": "2024-11-21T03:53:57.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-10T17:15:25.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://invdos.net"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://invdos.net"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://invdos.net/paper/CVE-2018-17145.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-12 21:15
Modified
2024-11-21 02:29
Severity ?
Summary
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4733A119-21AA-4EBD-A65F-24F118775990",
"versionEndExcluding": "0.10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an \"Easy\" attack."
},
{
"lang": "es",
"value": "bitcoind y Bitcoin-Qt versiones anteriores a 0.10.2, permiten a atacantes causar una denegaci\u00f3n de servicio (funcionalidad desactivada tal y como un bloqueo de aplicaci\u00f3n cliente) por medio de un ataque \"Easy\"."
}
],
"id": "CVE-2015-3641",
"lastModified": "2024-11-21T02:29:33.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-12T21:15:11.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-12 21:15
Modified
2024-11-21 04:01
Severity ?
Summary
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.12.0 | |
| bitcoin | bitcoin_core | 0.12.0 | |
| bitcoin | bitcoin_core | 0.12.0 | |
| bitcoin | bitcoin_core | 0.12.0 | |
| bitcoin | bitcoin_core | 0.12.0 | |
| bitcoin | bitcoin_core | 0.12.1 | |
| bitcoin | bitcoin_core | 0.12.1 | |
| bitcoin | bitcoin_core | 0.12.1 | |
| bitcoin | bitcoin_core | 0.13 | |
| bitcoin | bitcoin_core | 0.13.0 | |
| bitcoin | bitcoin_core | 0.13.0 | |
| bitcoin | bitcoin_core | 0.13.0 | |
| bitcoin | bitcoin_core | 0.13.0 | |
| bitcoin | bitcoin_core | 0.13.1 | |
| bitcoin | bitcoin_core | 0.13.1 | |
| bitcoin | bitcoin_core | 0.13.1 | |
| bitcoin | bitcoin_core | 0.13.1 | |
| bitcoin | bitcoin_core | 0.13.2 | |
| bitcoin | bitcoin_core | 0.13.2 | |
| bitcoin | bitcoin_core | 0.14.0 | |
| bitcoin | bitcoin_core | 0.14.0 | |
| bitcoin | bitcoin_core | 0.14.0 | |
| bitcoin | bitcoin_core | 0.14.0 | |
| bitcoin | bitcoin_core | 0.14.1 | |
| bitcoin | bitcoin_core | 0.14.1 | |
| bitcoin | bitcoin_core | 0.14.1 | |
| bitcoin | bitcoin_core | 0.14.2 | |
| bitcoin | bitcoin_core | 0.14.2 | |
| bitcoin | bitcoin_core | 0.14.2 | |
| bitcoin | bitcoin_core | 0.14.3 | |
| bitcoin | bitcoin_core | 0.15.0 | |
| bitcoin | bitcoin_core | 0.15.0 | |
| bitcoin | bitcoin_core | 0.15.0 | |
| bitcoin | bitcoin_core | 0.15.0 | |
| bitcoin | bitcoin_core | 0.15.0.1 | |
| bitcoin | bitcoin_core | 0.15.1 | |
| bitcoin | bitcoin_core | 0.15.1 | |
| bitcoin | bitcoin_core | 0.15.2 | |
| bitcoin | bitcoin_core | 0.16.0 | |
| bitcoin | bitcoin_core | 0.16.0 | |
| bitcoin | bitcoin_core | 0.16.0 | |
| bitcoin | bitcoin_core | 0.16.0 | |
| bitcoin | bitcoin_core | 0.16.0 | |
| bitcoin | bitcoin_core | 0.16.1 | |
| bitcoin | bitcoin_core | 0.16.1 | |
| bitcoin | bitcoin_core | 0.16.1 | |
| bitcoin | bitcoin_core | 0.16.2 | |
| bitcoin | bitcoin_core | 0.16.2 | |
| bitcoin | bitcoin_core | 0.16.2 | |
| bitcoin | bitcoin_core | 0.16.3 | |
| bitcoin | bitcoin_core | 0.17.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14CC1402-251D-441D-921F-E6D0933831D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "07B7FF50-0406-4648-B873-2F30D711889E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4E04A666-9C60-4835-A97A-4354FDDB3A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D0742D09-FAFF-4F84-87A8-372ABEE07B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D920FDBD-18C5-4252-95C8-18342739F00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C1E3D81A-E732-4580-BD06-484BBB78F460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85F32470-AEE3-498E-99D1-AFCB88813D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.12.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C3179A1E-0730-4120-BF67-8F1BA2F84DE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2A6D5F-6633-4A00-A0A0-FA75EF85F995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4EB034E6-2DEF-475B-A988-342CBE5E3C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC725933-01E7-457C-ADA8-B61CB9D8B5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1C085D41-3632-4285-B951-6BB64625023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "25743E75-EE87-4DFD-8DF5-A367602F2640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AD791670-C4F8-486E-A891-E49BAC240F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F32CC982-950A-4EE7-AECC-972FBFB71606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C30AEEE6-BB5A-4B85-90E8-7D9E3C71A9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "16F7423D-02CD-4734-A598-784F448DFD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1834BD1D-59B2-471C-84C1-588A276B4087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.13.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8B8D112-ADF2-4441-9C3B-0E8188F51540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "120F19E5-E58D-4E40-8BA4-B0A6465FDC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A4E12E54-BB09-472B-93A6-12A77AF854AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4775D0C9-AB2E-459B-925F-B1832E2F142C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E5E1FAB0-FAB8-484C-B9F6-D85775DF2908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "8E03BEFD-5E87-4704-9E42-6A6A3D56078E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1790406B-3447-46A1-8E71-32BB31A6BA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2D8AE957-086A-4AE1-8C90-2263A5ADF175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7CC69D1A-A88C-4D7C-9583-705E6BD09309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7D126937-7A31-4E1D-9CD7-5A2FB4FBCA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A5297725-6D47-4C73-BFA1-7332609CC90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA05B76-AC3F-492E-8CF1-18F20ABF05BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1559EDBE-5654-48A2-8DB2-DAE50AAC7D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5E4632E3-0D58-42EC-931C-4B8477694489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B199B1BC-6AA5-441A-A8D8-64B98CC6D52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "952CE418-B490-487D-9893-0A3F4C30B992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAFA18E-4DC6-4FCD-8459-C9E8D5177685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A727FB31-FD4F-4AA0-821B-8D1B4B653D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0962E3AF-CD06-4DDF-B64E-F537F4646D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCF8D36-67BB-4C75-9EC5-688FED31085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E8516496-5BEF-4698-8D32-6C1C7AD0734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F20180A-B4E5-47EB-816D-50B1E1D85B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "15341D0B-9B8C-4DB5-90A2-F4CD938E9FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EBE19710-731E-48BE-B4E3-77F851D670E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DA04CEED-B65D-4369-A03C-8AFBEDDBE4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1FCF76F3-2051-42BC-B742-6C631EBA1B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E760CF3A-4ABE-48C0-9219-699A3A524B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "35A3299D-4AEC-4435-AC20-AB3ECB76E490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6FCFB843-B726-4FF4-ADC5-E78D16D8579E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BC88FE65-B525-46D2-A4F4-02F5906744D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "170B7847-9A1A-42E2-9376-BCC4D6CE7279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA98291E-418D-4184-887D-2BD3F4723503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "0C9CB378-9964-46BC-A6B2-3678C29DA37A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call."
},
{
"lang": "es",
"value": "bitcoind y Bitcoin-Qt versiones anteriores a 0.17.1, permiten una inyecci\u00f3n de datos arbitrarios en el registro de depuraci\u00f3n por medio de una llamada RPC."
}
],
"id": "CVE-2018-20586",
"lastModified": "2024-11-21T04:01:47.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-12T21:15:12.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-10 13:15
Modified
2025-05-22 16:51
Severity ?
Summary
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/10/08/disclose-blocktxn-crash/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-25.0.md | Release Notes | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/pull/26898 | Issue Tracking | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/releases/tag/v25.0 | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63478AA2-EF03-4005-93A1-443733DB2063",
"versionEndExcluding": "25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block\u0027s merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance."
},
{
"lang": "es",
"value": "Las versiones anteriores a la 25.0 de Bitcoin Core permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (afirmaci\u00f3n de manejo de mensajes blocktxn y salida de nodo) mediante la inclusi\u00f3n de transacciones en un mensaje blocktxn que no est\u00e1n confirmadas en la ra\u00edz merkle de un bloque. FillBlock se puede llamar dos veces para una instancia de PartiallyDownloadedBlock."
}
],
"id": "CVE-2024-35202",
"lastModified": "2025-05-22T16:51:01.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-10T13:15:14.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/10/08/disclose-blocktxn-crash/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-25.0.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/pull/26898"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoin/bitcoin/releases/tag/v25.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.bitcoin.org/smf/index.php?topic=1306.0 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.bitcoin.org/smf/index.php?topic=1306.0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | wxbitcoin | * | |
| bitcoin | wxbitcoin | 0.3.4 | |
| bitcoin | wxbitcoin | 0.3.5 | |
| bitcoin | wxbitcoin | 0.3.8 | |
| bitcoin | wxbitcoin | 0.3.10 | |
| bitcoin | wxbitcoin | 0.3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "329ECA8A-7D87-4E10-8DED-83EB412D5E33",
"versionEndIncluding": "0.3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "157D51F6-2BDD-4C85-9325-F12A44426000",
"versionEndIncluding": "0.3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "112B0DB9-99BC-42A7-9991-92E73462701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75F6B20E-2957-4CCE-B9A4-692A4342BC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C5F2E-EFD7-4F92-BD58-91F9AFB0B15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5665049D-5326-496F-82B9-FD65808F934B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDD2B05-34F6-4C5F-9443-FE67F9B86113",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees."
},
{
"lang": "es",
"value": "wxBitcoin y bitcoind anteriores a v0.3.13 no gestionan correctamente Bitcoins asociados a las transacciones Bitcoin que tienen cero confirmaciones, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (transacciones no v\u00e1lidas masivas) mediante el env\u00edo de transacciones de bajo valor, sin comisiones por transacci\u00f3n."
}
],
"id": "CVE-2010-5140",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:01.133",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.bitcoin.org/smf/index.php?topic=1306.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bitcoin.org/smf/index.php?topic=1306.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:17
Severity ?
Summary
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F6DAE0-E03C-4EEF-A354-6FB5A9F97FD8",
"versionEndExcluding": "22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages."
},
{
"lang": "es",
"value": "Bitcoin Core anterior a 22.0 tiene un desbordamiento de entero nIdCount de CAddrMan y una falla de afirmaci\u00f3n resultante (y salida del daemon) a trav\u00e9s de una inundaci\u00f3n de mensajes addr."
}
],
"id": "CVE-2024-52919",
"lastModified": "2025-04-30T16:17:33.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 06:21
Severity ?
Summary
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bitcoin/bitcoin/issues/20866 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/issues/20866 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F64E80F-21E7-4CCB-B18C-439B8864BAE5",
"versionEndIncluding": "0.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions"
},
{
"lang": "es",
"value": "** EN DISPUTA ** bitcoind en Bitcoin Core versiones hasta 0.21.0, puede crear un nuevo archivo en un directorio arbitrario (por ejemplo, fuera del directorio ~/.bitcoin) por medio de una llamada RPC dumpwallet NOTA: seg\u00fan se informa, esto no viola el modelo de seguridad de Bitcoin Core, pero puede violar el modelo de seguridad de un fork que haya implementado restricciones de dumpwallet"
}
],
"id": "CVE-2021-3195",
"lastModified": "2024-11-21T06:21:07.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:16:28.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/issues/20866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/issues/20866"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2025-04-11 00:51
Severity ?
Summary
bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | 0.4 | |
| bitcoin | bitcoin-qt | 0.4.8 | |
| bitcoin | bitcoin-qt | 0.5.0 | |
| bitcoin | bitcoin-qt | 0.5.0.4 | |
| bitcoin | bitcoin-qt | 0.5.1 | |
| bitcoin | bitcoin-qt | 0.5.3.0 | |
| bitcoin | bitcoin-qt | 0.5.7 | |
| bitcoin | bitcoin-qt | 0.6.0.10 | |
| bitcoin | bitcoin-qt | 0.6.3 | |
| bitcoin | bitcoin-qt | 0.7.0 | |
| bitcoin | bitcoin-qt | 0.7.1 | |
| bitcoin | bitcoin-qt | 0.7.2 | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.2 | |
| bitcoin | bitcoin_core | 0.4.3 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.5 | |
| bitcoin | bitcoin_core | 0.4.6 | |
| bitcoin | bitcoin_core | 0.4.7 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.3 | |
| bitcoin | bitcoin_core | 0.5.3.1 | |
| bitcoin | bitcoin_core | 0.5.4 | |
| bitcoin | bitcoin_core | 0.5.5 | |
| bitcoin | bitcoin_core | 0.5.6 | |
| bitcoin | bitcoin_core | 0.6.0.1 | |
| bitcoin | bitcoin_core | 0.6.0.2 | |
| bitcoin | bitcoin_core | 0.6.0.3 | |
| bitcoin | bitcoin_core | 0.6.0.4 | |
| bitcoin | bitcoin_core | 0.6.0.5 | |
| bitcoin | bitcoin_core | 0.6.0.6 | |
| bitcoin | bitcoin_core | 0.6.0.7 | |
| bitcoin | bitcoin_core | 0.6.0.8 | |
| bitcoin | bitcoin_core | 0.6.1 | |
| bitcoin | bitcoin_core | 0.6.2 | |
| bitcoin | bitcoind | 0.4.4 | |
| bitcoin | bitcoind | 0.5.7 | |
| bitcoin | bitcoind | 0.6.0.0 | |
| bitcoin | bitcoind | 0.6.0.10 | |
| bitcoin | bitcoind | 0.6.3 | |
| bitcoin | bitcoind | 0.6.4 | |
| bitcoin | bitcoind | 0.7.0 | |
| bitcoin | bitcoind | 0.7.1 | |
| bitcoin | bitcoind | 0.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "107C630C-68AD-478B-9206-403CCEAE9B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F567F467-E340-4BBA-9D42-DC3445EE09DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "27CD6BDE-3732-4863-B855-A0FD022DD62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20635DAC-54CF-48C4-979A-7E909A985093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0264EBF9-C104-49C5-9F43-E0CCC73154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2233FD0-6F87-4B8B-BDC9-C633F428BA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA08FC-3D57-467B-838B-FDF1E67BF609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1DB1A621-F271-4120-A642-CAC3D09232AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D758886-F560-4FF6-88DA-C5EEBAACA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F473942D-1B5B-4348-9896-9828976A3C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A56DE917-D389-4D60-8586-D4F1DEB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32A19BEA-853D-4727-B456-FCBAFF36CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3EBE93-A104-407F-A615-E64F65777CC4",
"versionEndIncluding": "0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E74F91-82C2-435C-BB20-3FF25E431B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB8A5B-52A4-4D67-8472-46399998C4E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "148CF2B0-2C70-47B9-9547-382AE458DCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AF597D-8BBD-44FE-B0C9-8B03B0350F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4381211-305A-4FAD-BD0F-56513F153958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D079E05-C980-4257-9B39-D0750BF318D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3013254-B002-4F67-B6A0-747F9F82250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27283E3F-E88A-45ED-8BFA-C9C6A09EA642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B99F940E-EF59-4150-B980-0C70DC5995DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5744C1-16A1-4617-B3D0-90305DD0C145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B323C69A-C343-4FF3-BA70-2449A9083907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA3817C-4DC0-4867-8DD9-7B912602C80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD1B466-3E8D-4179-8AEE-07E51B04D396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.4.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CC730AD6-2B5B-47A2-881E-B543ABD77AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0430A512-206A-4143-AC5F-C3E0AF19AD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D29BF4F1-A79D-4AED-8D1A-59C58093F621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4D76A-A84C-49F5-BDED-F64BB4C49972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3E64AEBF-988A-476E-9275-8B42C66F7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D062707E-A0FC-4A89-A59B-D68EFAFA8683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9979189E-737C-48F1-BBB3-2E878EC4D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
},
{
"lang": "es",
"value": "Bitcoind y Bitcoin-Qt v0.8.0 y anteriores permiten a atacantes remotos provocar una denegaci\u00f3n de servicio por minar un bloque para crear una transacci\u00f3n Bitcoin no est\u00e1ndar opcodes OP_CHECKSIG."
}
],
"id": "CVE-2013-2292",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-12T11:28:18.373",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/?topic=140078"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/?topic=140078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-09 19:15
Modified
2024-11-21 08:36
Severity ?
Summary
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53 | ||
| cve@mitre.org | https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 | Issue Tracking | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/tags | Product | |
| cve@mitre.org | https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md | Release Notes | |
| cve@mitre.org | https://twitter.com/LukeDashjr/status/1732204937466032285 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/tags | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/LukeDashjr/status/1732204937466032285 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1179DE7-9710-433D-83B8-0CE1A7CC8BF7",
"versionEndIncluding": "26.0",
"versionStartIncluding": "0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42AEEA35-5598-4E0A-B693-5D0918ED30B7",
"versionEndExcluding": "25.1",
"versionStartIncluding": "0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\""
},
{
"lang": "es",
"value": "En Bitcoin Core hasta 26.0 y Bitcoin Knots anteriores a 25.1.knots20231115, los l\u00edmites de tama\u00f1o del portador de datos se pueden eludir ofuscando los datos como c\u00f3digo (por ejemplo, con OP_FALSE OP_IF), tal como lo explot\u00f3 Inscriptions en 2022 y 2023."
}
],
"id": "CVE-2023-50428",
"lastModified": "2024-11-21T08:36:57.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-09T19:15:07.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/bitcoin/bitcoin/tags"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://twitter.com/LukeDashjr/status/1732204937466032285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-11 12:29
Modified
2024-11-21 04:01
Severity ?
Summary
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587 | Third Party Advisory | |
| cve@mitre.org | https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoinknots | bitcoin_knots | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "529F2E93-27AA-42A9-A853-BE1AFA4EFE6E",
"versionEndIncluding": "0.17.1",
"versionStartIncluding": "0.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3AD00B7-0C92-426F-8404-6C206C78BF5B",
"versionEndIncluding": "0.17.0",
"versionStartIncluding": "0.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
},
{
"lang": "es",
"value": "Bitcoin Core, desde la versi\u00f3n 0.12.0 hasta la 0.17.1 y Bitcoin Knots, desde la versi\u00f3n 0.12.0 hasta la 0.17.x antes de la 0.17.1.knots20181229 tienen un control de acceso incorrecto. Los usuarios locales pueden explotar esta vulnerabilidad para robar dinero enlazando el puerto localhost IPv4 RPC y reenviando peticiones al puerto localhost IPv6."
}
],
"id": "CVE-2018-20587",
"lastModified": "2024-11-21T04:01:47.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-11T12:29:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-10 17:15
Modified
2024-11-21 05:02
Severity ?
Summary
Bitcoin Core 0.20.0 allows remote denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 | Vendor Advisory | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/commits/master | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/commits/master | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.20.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A00FFD36-B9BC-4577-8DA8-0A746F4E1F7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core 0.20.0 allows remote denial of service."
},
{
"lang": "es",
"value": "Bitcoin Core versi\u00f3n 0.20.0, permite una denegaci\u00f3n de servicio remota"
}
],
"id": "CVE-2020-14198",
"lastModified": "2024-11-21T05:02:51.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-10T17:15:28.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/commits/master"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bitcoin/bitcoin/commits/master"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202009-18"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-04-30 16:16
Severity ?
Summary
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ | Vendor Advisory | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E84B8A02-6D03-4809-87E0-AD87BE4422A4",
"versionEndExcluding": "0.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message."
},
{
"lang": "es",
"value": "Bitcoin Core anterior a 0.20.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un mensaje INV manipulado espec\u00edficamente para ello."
}
],
"id": "CVE-2024-52915",
"lastModified": "2025-04-30T16:16:08.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-09 01:15
Modified
2025-05-22 16:56
Severity ?
Summary
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://ariard.github.io | Third Party Advisory | |
| cve@mitre.org | https://bitcoincore.org | Product | |
| cve@mitre.org | https://delvingbitcoin.org/t/full-disclosure-transaction-relay-throughput-overflow-attacks-against-off-chain-protocols/1305 | Issue Tracking | |
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Third Party Advisory | |
| cve@mitre.org | https://gnusha.org/pi/bitcoindev/CALZpt+EptER=p+P7VN3QAb9n=dODA9_LnR9xZwWpRsdAwedv=w@mail.gmail.com/T/#u | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB07D952-A7AA-49EE-AE7F-3153A80E0602",
"versionEndIncluding": "27.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions."
},
{
"lang": "es",
"value": "Bitcoin Core hasta la versi\u00f3n 27.2 permite el bloqueo de la retransmisi\u00f3n de transacciones mediante un ataque de protocolo fuera de la cadena, un problema relacionado con CVE-2024-52913. Por ejemplo, el resultado de un HTLC (contrato de bloqueo de tiempo hash) puede modificarse porque una inundaci\u00f3n de tr\u00e1fico de transacciones impide la propagaci\u00f3n de ciertas transacciones del canal Lightning."
}
],
"id": "CVE-2024-55563",
"lastModified": "2025-05-22T16:56:06.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-09T01:15:06.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://ariard.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://bitcoincore.org"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://delvingbitcoin.org/t/full-disclosure-transaction-relay-throughput-overflow-attacks-against-off-chain-protocols/1305"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://gnusha.org/pi/bitcoindev/CALZpt+EptER=p+P7VN3QAb9n=dODA9_LnR9xZwWpRsdAwedv=w@mail.gmail.com/T/#u"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-18 04:15
Modified
2025-05-22 16:56
Severity ?
Summary
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55E9245E-1473-4830-BAD2-7E2BF9E3D298",
"versionEndExcluding": "24.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a \"Chain Width Expansion\" attack) because a node does not first verify that a presented chain has enough work before committing to store it."
},
{
"lang": "es",
"value": "Bitcoin Core anterior a 24.0.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (falla del demonio) a trav\u00e9s de una inundaci\u00f3n de cadenas de encabezado de baja dificultad (tambi\u00e9n conocido como un ataque de \"expansi\u00f3n del ancho de la cadena\") porque un nodo no verifica primero que una cadena presentada tenga suficiente trabajo antes de comprometerse a almacenarla."
}
],
"id": "CVE-2019-25220",
"lastModified": "2025-05-22T16:56:23.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-18T04:15:04.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bitcoincore.org/en/2024/09/18/disclose-headers-oom"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-October/017354.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-10 11:28
Modified
2025-04-11 00:51
Severity ?
Summary
The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcointalk.org/index.php?topic=287351 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=287351 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | 0.8.2 | |
| bitcoin | bitcoin-qt | 0.8.2 | |
| bitcoin | bitcoin-qt | 0.8.2 | |
| bitcoin | bitcoin-qt | 0.8.2 | |
| bitcoin | bitcoin-qt | 0.8.3 | |
| bitcoin | bitcoin_core | 0.8.0 | |
| bitcoin | bitcoin_core | 0.8.0 | |
| bitcoin | bitcoin_core | 0.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7A15A8-462D-4B96-8914-FF6665A5EBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "440CBFFD-CAF5-4133-910E-9AA04FC2D97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0EF2DF3D-A267-4923-A281-29A8AF4BED1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E77F36FC-34E6-499D-9143-B7B56F75FA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "535357F4-3B07-4C32-83B3-AD1E92FD788B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FB8897-6ABE-48D4-A917-571342DF93FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DA424B29-2C7E-49FB-AA7B-F27F0489EB63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53B8A243-3A29-4E36-9974-6C19D944E9ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages."
},
{
"lang": "es",
"value": "La implementaci\u00f3n del Filtro Bloom en bitcoind y Bitcoin-Qt 0.8.x anteriores a 0.8.4rc1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de divisi\u00f3n entre 0 y ca\u00edda del demonio) a trav\u00e9s de una secuencia de mensajes manipulada."
}
],
"id": "CVE-2013-5700",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-10T11:28:41.127",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/index.php?topic=287351"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/index.php?topic=287351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2025-04-11 00:51
Severity ?
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | * | |
| bitcoin | bitcoin-qt | 0.4 | |
| bitcoin | bitcoin-qt | 0.5.0 | |
| bitcoin | bitcoin-qt | 0.5.0.4 | |
| bitcoin | bitcoin-qt | 0.5.1 | |
| bitcoin | bitcoin-qt | 0.5.3.0 | |
| bitcoin | bitcoin-qt | 0.5.7 | |
| bitcoin | bitcoin-qt | 0.6.0.10 | |
| bitcoin | bitcoin-qt | 0.6.3 | |
| bitcoin | bitcoin-qt | 0.7.0 | |
| bitcoin | bitcoin-qt | 0.7.1 | |
| bitcoin | bitcoin-qt | 0.7.2 | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.2 | |
| bitcoin | bitcoin_core | 0.4.3 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.5 | |
| bitcoin | bitcoin_core | 0.4.6 | |
| bitcoin | bitcoin_core | 0.4.7 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.3 | |
| bitcoin | bitcoin_core | 0.5.3.1 | |
| bitcoin | bitcoin_core | 0.5.4 | |
| bitcoin | bitcoin_core | 0.5.5 | |
| bitcoin | bitcoin_core | 0.5.6 | |
| bitcoin | bitcoin_core | 0.6.0.1 | |
| bitcoin | bitcoin_core | 0.6.0.2 | |
| bitcoin | bitcoin_core | 0.6.0.3 | |
| bitcoin | bitcoin_core | 0.6.0.4 | |
| bitcoin | bitcoin_core | 0.6.0.5 | |
| bitcoin | bitcoin_core | 0.6.0.6 | |
| bitcoin | bitcoin_core | 0.6.0.7 | |
| bitcoin | bitcoin_core | 0.6.0.8 | |
| bitcoin | bitcoin_core | 0.6.1 | |
| bitcoin | bitcoin_core | 0.6.2 | |
| bitcoin | bitcoind | * | |
| bitcoin | bitcoind | 0.5.7 | |
| bitcoin | bitcoind | 0.6.0.0 | |
| bitcoin | bitcoind | 0.6.0.10 | |
| bitcoin | bitcoind | 0.6.3 | |
| bitcoin | bitcoind | 0.6.4 | |
| bitcoin | bitcoind | 0.7.0 | |
| bitcoin | bitcoind | 0.7.1 | |
| bitcoin | bitcoind | 0.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E080E161-2DAC-4C34-8398-DDD146506DB8",
"versionEndIncluding": "0.4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "107C630C-68AD-478B-9206-403CCEAE9B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "27CD6BDE-3732-4863-B855-A0FD022DD62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20635DAC-54CF-48C4-979A-7E909A985093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0264EBF9-C104-49C5-9F43-E0CCC73154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2233FD0-6F87-4B8B-BDC9-C633F428BA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA08FC-3D57-467B-838B-FDF1E67BF609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1DB1A621-F271-4120-A642-CAC3D09232AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D758886-F560-4FF6-88DA-C5EEBAACA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F473942D-1B5B-4348-9896-9828976A3C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A56DE917-D389-4D60-8586-D4F1DEB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32A19BEA-853D-4727-B456-FCBAFF36CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E74F91-82C2-435C-BB20-3FF25E431B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB8A5B-52A4-4D67-8472-46399998C4E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "148CF2B0-2C70-47B9-9547-382AE458DCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AF597D-8BBD-44FE-B0C9-8B03B0350F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4381211-305A-4FAD-BD0F-56513F153958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D079E05-C980-4257-9B39-D0750BF318D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3013254-B002-4F67-B6A0-747F9F82250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27283E3F-E88A-45ED-8BFA-C9C6A09EA642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B99F940E-EF59-4150-B980-0C70DC5995DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5744C1-16A1-4617-B3D0-90305DD0C145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B323C69A-C343-4FF3-BA70-2449A9083907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA3817C-4DC0-4867-8DD9-7B912602C80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD1B466-3E8D-4179-8AEE-07E51B04D396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F0EC3A7C-D203-459E-8F03-3E0E859CB7FE",
"versionEndIncluding": "0.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0430A512-206A-4143-AC5F-C3E0AF19AD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D29BF4F1-A79D-4AED-8D1A-59C58093F621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4D76A-A84C-49F5-BDED-F64BB4C49972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3E64AEBF-988A-476E-9275-8B42C66F7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D062707E-A0FC-4A89-A59B-D68EFAFA8683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9979189E-737C-48F1-BBB3-2E878EC4D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction."
},
{
"lang": "es",
"value": "bitcoind y Bitcoin-Qt anterior a v0.4.9rc1, v0.5.x anterior a v0.5.8rc1, v0.6.0 anterior a v0.6.0.11rc1, v0.6.1 hasta v0.6.5 anterior a v0.6.5rc1, y v0.7.x anterior a v0.7.3rc1 hacen m\u00e1s f\u00e1cil para atacantes remotos obtener informaci\u00f3n sensible sobre el cambio devuelto al aprovechar cierta previsibilidad en los resultados de una operaci\u00f3n de Bitcoin."
}
],
"id": "CVE-2013-2273",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-12T11:28:18.357",
"references": [
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcointalk.org/?topic=81749 | ||
| cve@mitre.org | https://bugs.gentoo.org/show_bug.cgi?id=415973 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/?topic=81749 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=415973 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85E8828B-3A7D-46C8-B73E-40A7C20DFC50",
"versionEndIncluding": "0.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt anterior a v0.4.6, v0.5.x anterior a v0.5.5, v0.6.0.7 0.6.0.x, y v0.6.x anterior a v0.6.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloque de procesamiento de interrupci\u00f3n y el recuento de bloque incorrecta) a trav\u00e9s de un comportamiento desconocido en una red Bitcoin."
}
],
"id": "CVE-2012-2459",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:03.307",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/?topic=81749"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=415973"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/?topic=81749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=415973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bitcoin.org/releases/2011/11/21/v0.5.0.html | ||
| cve@mitre.org | https://bitcointalk.org/index.php?topic=51474.0 | ||
| cve@mitre.org | https://bitcointalk.org/index.php?topic=51604.0 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bitcoin.org/releases/2011/11/21/v0.5.0.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=51474.0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/index.php?topic=51604.0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | wxbitcoin | 0.4.0 | |
| bitcoin | wxbitcoin | 0.4.1 | |
| bitcoin | wxbitcoin | 0.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82B766B4-C3FD-42D8-9F7D-767B9C0C20F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "87FCC078-AAF9-4FB4-B46E-EEE5D8488B81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:wxbitcoin:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C6A8CB89-F0A1-4E97-A053-CACC378BD8C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"encrypt wallet\" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion."
},
{
"lang": "es",
"value": "La caracter\u00edstica \"encrypt wallet\" en wxBitcoin y en bitcoind v0.4.x y anteriores a v0.4.1, y v0.5.0rc no interact\u00faa adecuadamente con la funcionalidad de eliminaci\u00f3n de BSDDB, lo cual permite a atacantes dependiendo del contexto obtener claves privadas no encriptadas desde un fichero de monedero Bitcoin mediante el puenteo de la interfaz de BSDDB y a trav\u00e9s de la lectura de entradas que han sido marcadas para su borrado."
}
],
"id": "CVE-2011-4447",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-06T16:55:01.227",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bitcoin.org/releases/2011/11/21/v0.5.0.html"
},
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/index.php?topic=51474.0"
},
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/index.php?topic=51604.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bitcoin.org/releases/2011/11/21/v0.5.0.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/index.php?topic=51474.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/index.php?topic=51604.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-22 05:15
Modified
2025-01-28 18:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Not Applicable | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md | Release Notes | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/issues/27586 | Issue Tracking | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/issues/27623 | Issue Tracking | |
| cve@mitre.org | https://github.com/bitcoin/bitcoin/pull/27610 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544 | ||
| cve@mitre.org | https://github.com/visualbasic6/drain | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/ | ||
| cve@mitre.org | https://x.com/123456/status/1711601593399828530 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/issues/27586 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/issues/27623 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/pull/27610 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/visualbasic6/drain | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://x.com/123456/status/1711601593399828530 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD299C72-AD8C-479D-9606-2CE3FEA945FB",
"versionEndExcluding": "24.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023."
}
],
"id": "CVE-2023-33297",
"lastModified": "2025-01-28T18:15:32.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-22T05:15:09.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/issues/27586"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/issues/27623"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/bitcoin/bitcoin/pull/27610"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/visualbasic6/drain"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/"
},
{
"source": "cve@mitre.org",
"url": "https://x.com/123456/status/1711601593399828530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/issues/27586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/bitcoin/bitcoin/issues/27623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/bitcoin/bitcoin/pull/27610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/visualbasic6/drain"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://x.com/123456/status/1711601593399828530"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2025-04-11 00:51
Severity ?
Summary
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcointalk.org/?topic=144122 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVE-2013-2293 | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcointalk.org/?topic=144122 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVE-2013-2293 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin-qt | 0.4 | |
| bitcoin | bitcoin-qt | 0.4.8 | |
| bitcoin | bitcoin-qt | 0.5.0 | |
| bitcoin | bitcoin-qt | 0.5.0.4 | |
| bitcoin | bitcoin-qt | 0.5.1 | |
| bitcoin | bitcoin-qt | 0.5.3.0 | |
| bitcoin | bitcoin-qt | 0.5.7 | |
| bitcoin | bitcoin-qt | 0.6.0.10 | |
| bitcoin | bitcoin-qt | 0.6.3 | |
| bitcoin | bitcoin-qt | 0.7.0 | |
| bitcoin | bitcoin-qt | 0.7.1 | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin_core | 0.3.4 | |
| bitcoin | bitcoin_core | 0.3.5 | |
| bitcoin | bitcoin_core | 0.3.8 | |
| bitcoin | bitcoin_core | 0.3.10 | |
| bitcoin | bitcoin_core | 0.3.11 | |
| bitcoin | bitcoin_core | 0.3.12 | |
| bitcoin | bitcoin_core | 0.4.0 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.1 | |
| bitcoin | bitcoin_core | 0.4.2 | |
| bitcoin | bitcoin_core | 0.4.3 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.4 | |
| bitcoin | bitcoin_core | 0.4.5 | |
| bitcoin | bitcoin_core | 0.4.6 | |
| bitcoin | bitcoin_core | 0.4.7 | |
| bitcoin | bitcoin_core | 0.5.0 | |
| bitcoin | bitcoin_core | 0.5.3 | |
| bitcoin | bitcoin_core | 0.5.3.1 | |
| bitcoin | bitcoin_core | 0.5.4 | |
| bitcoin | bitcoin_core | 0.5.5 | |
| bitcoin | bitcoin_core | 0.5.6 | |
| bitcoin | bitcoin_core | 0.6.0.1 | |
| bitcoin | bitcoin_core | 0.6.0.2 | |
| bitcoin | bitcoin_core | 0.6.0.3 | |
| bitcoin | bitcoin_core | 0.6.0.4 | |
| bitcoin | bitcoin_core | 0.6.0.5 | |
| bitcoin | bitcoin_core | 0.6.0.6 | |
| bitcoin | bitcoin_core | 0.6.0.7 | |
| bitcoin | bitcoin_core | 0.6.0.8 | |
| bitcoin | bitcoin_core | 0.6.1 | |
| bitcoin | bitcoin_core | 0.6.2 | |
| bitcoin | bitcoind | 0.4.4 | |
| bitcoin | bitcoind | 0.5.7 | |
| bitcoin | bitcoind | 0.6.0.0 | |
| bitcoin | bitcoind | 0.6.0.10 | |
| bitcoin | bitcoind | 0.6.3 | |
| bitcoin | bitcoind | 0.6.4 | |
| bitcoin | bitcoind | 0.7.0 | |
| bitcoin | bitcoind | 0.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "107C630C-68AD-478B-9206-403CCEAE9B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.4.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F567F467-E340-4BBA-9D42-DC3445EE09DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "27CD6BDE-3732-4863-B855-A0FD022DD62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20635DAC-54CF-48C4-979A-7E909A985093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0264EBF9-C104-49C5-9F43-E0CCC73154B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2233FD0-6F87-4B8B-BDC9-C633F428BA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80FA08FC-3D57-467B-838B-FDF1E67BF609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "1DB1A621-F271-4120-A642-CAC3D09232AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D758886-F560-4FF6-88DA-C5EEBAACA20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F473942D-1B5B-4348-9896-9828976A3C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A56DE917-D389-4D60-8586-D4F1DEB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D009847B-E8E7-4472-8260-4A334438C587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA342670-9FC6-48C8-91B7-04019D2219A2",
"versionEndIncluding": "0.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "61F25360-9436-41C9-82CB-39D7FF087C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "83F460DD-E537-430D-A370-485E0A707560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9264DE-6336-4654-8E8A-A3725B845D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A0874D-2223-4577-A8E6-93455B9C1DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F6B138-0ED9-4205-B544-66C4C60C3A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8494FF99-5D8C-497A-90E7-3D87807F5997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E74F91-82C2-435C-BB20-3FF25E431B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63681DB5-2644-476C-86AD-D7DCD69AE1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "42BE2305-B58F-4D12-80B1-AF0BF29E15CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEB8A5B-52A4-4D67-8472-46399998C4E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "148CF2B0-2C70-47B9-9547-382AE458DCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "74398A03-74B4-4EC4-A15E-047367614EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AF597D-8BBD-44FE-B0C9-8B03B0350F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4381211-305A-4FAD-BD0F-56513F153958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D079E05-C980-4257-9B39-D0750BF318D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3013254-B002-4F67-B6A0-747F9F82250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "27283E3F-E88A-45ED-8BFA-C9C6A09EA642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B99F940E-EF59-4150-B980-0C70DC5995DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5744C1-16A1-4617-B3D0-90305DD0C145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B323C69A-C343-4FF3-BA70-2449A9083907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA3817C-4DC0-4867-8DD9-7B912602C80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD1B466-3E8D-4179-8AEE-07E51B04D396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.4.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CC730AD6-2B5B-47A2-881E-B543ABD77AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0430A512-206A-4143-AC5F-C3E0AF19AD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D29BF4F1-A79D-4AED-8D1A-59C58093F621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4D76A-A84C-49F5-BDED-F64BB4C49972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3E64AEBF-988A-476E-9275-8B42C66F7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D062707E-A0FC-4A89-A59B-D68EFAFA8683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9979189E-737C-48F1-BBB3-2E878EC4D4D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain."
},
{
"lang": "es",
"value": "El m\u00e9todo CTransaction::FetchInputs en bitcoind y Bitcoin-Qt anterior a v0.8.0rc1 copia transacciones del disco a la memoria sin comprobar de forma incremental \"spent prevouts\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de disco I/O) a trav\u00e9s de una transacci\u00f3n de Bitcoin con muchas entradas correspondientes a diferentes partes de la cadena de bloque almacenado (block chain)."
}
],
"id": "CVE-2013-2293",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-12T11:28:18.390",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcointalk.org/?topic=144122"
},
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/CVE-2013-2293"
},
{
"source": "cve@mitre.org",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcointalk.org/?topic=144122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/CVE-2013-2293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-05 22:29
Modified
2024-11-21 02:44
Severity ?
Summary
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure | ||
| cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| cve@mitre.org | https://github.com/JinBean/CVE-Extension | ||
| cve@mitre.org | https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/JinBean/CVE-Extension | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitcoin | bitcoin_core | * | |
| bitcoin | bitcoin-qt | * | |
| bitcoin | bitcoind | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C55186E2-552A-4CFB-9E1D-016E62AD44FB",
"versionEndExcluding": "0.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitcoin:bitcoin-qt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B37C74F-E3A1-4FE4-8731-263D83D404DE",
"versionEndExcluding": "0.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitcoin:bitcoind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD637BBB-45AB-4DC3-A048-DCBD894CE390",
"versionEndExcluding": "0.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
},
{
"lang": "es",
"value": "Bitcoin Core en versiones anteriores a la v0.13.0 permite una denegaci\u00f3n de servicio (DoS) desencadenada por el sistema de alertas de red remoto (obsoleto desde el primer trimestre de 2016) si un atacante puede firmar un mensaje con una clave privada determinada que sea conocida por actores no planeados debido a un mapa de tama\u00f1o infinito. Esto afecta a otros usos del c\u00f3digo base, como Bitcoin Knots en versiones anteriores a la v0.13.0.knots20160814 y otros altcoins."
}
],
"id": "CVE-2016-10724",
"lastModified": "2024-11-21T02:44:35.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-05T22:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/JinBean/CVE-Extension"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}