Filtered by vendor: Bitcoin
Filtered by product: Bitcoin Core
Total: 52 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25220 | 1 Bitcoin | 1 Bitcoin Core | 2025-05-22 | 7.5 High | 
| Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it. | ||||
| CVE-2024-55563 | 1 Bitcoin | 1 Bitcoin Core | 2025-05-22 | 5.3 Medium | 
| Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions. | ||||
| CVE-2024-35202 | 1 Bitcoin | 2 Bitcoin, Bitcoin Core | 2025-05-22 | 7.5 High | 
| Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance. | ||||
| CVE-2024-52922 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 6.5 Medium | 
| In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification. | ||||
| CVE-2024-52920 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 7.5 High | 
| Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. | ||||
| CVE-2024-52921 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 5.3 Medium | 
| In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. | ||||
| CVE-2024-52919 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 6.5 Medium | 
| Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. | ||||
| CVE-2024-52917 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 6.5 Medium | 
| Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. | ||||
| CVE-2024-52916 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 7.5 High | 
| Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. | ||||
| CVE-2024-52915 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 7.5 High | 
| Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. | ||||
| CVE-2024-52914 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 7.5 High | 
| In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. | ||||
| CVE-2024-52913 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 5.3 Medium | 
| In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. | ||||
| CVE-2024-52912 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 7.5 High | 
| Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. | ||||
| CVE-2012-4682 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-11 | N/A | 
| Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. | ||||
| CVE-2012-4684 | 1 Bitcoin | 4 Bitcoin-qt, Bitcoin Core, Bitcoind and 1 more | 2025-04-11 | N/A | 
| The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert. | ||||
| CVE-2012-1910 | 2 Bitcoin, Microsoft | 3 Bitcoin-qt, Bitcoin Core, Windows | 2025-04-11 | N/A | 
| Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages. | ||||
| CVE-2012-1909 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | N/A | 
| The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction. | ||||
| CVE-2010-5141 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | N/A | 
| wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors. | ||||
| CVE-2013-5700 | 1 Bitcoin | 2 Bitcoin-qt, Bitcoin Core | 2025-04-11 | N/A | 
| The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages. | ||||
| CVE-2010-5138 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | N/A | 
| wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. | ||||