Vulnerabilities > Bitcoin

DATE CVE VULNERABILITY TITLE RISK

2023-12-09 CVE-2023-50428
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023.
network | low complexity | bitcoin bitcoinknots | 5.3

2023-07-07 CVE-2023-37192 Missing Encryption of Sensitive Data vulnerability in Bitcoin Core 22.0
Memory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.
network | low complexity | bitcoin CWE-311 | 7.5

2023-05-22 CVE-2023-33297 Resource Exhaustion vulnerability in Bitcoin Core
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
network | low complexity | bitcoin CWE-400 | 7.5

2021-05-13 CVE-2021-31876 Incorrect Authorization vulnerability in Bitcoin
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes.
network | low complexity | bitcoin CWE-863 | 6.4

2021-02-04 CVE-2021-3401 Command Injection vulnerability in Bitcoin
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser.
network | low complexity | bitcoin CWE-77 | 7.5

2021-01-26 CVE-2021-3195 Improper Input Validation vulnerability in Bitcoin Core
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call.
network | low complexity | bitcoin CWE-20 | 7.5

2020-09-10 CVE-2020-14198 Unspecified vulnerability in Bitcoin Core 0.20.0
Bitcoin Core 0.20.0 allows remote denial of service.
network | low complexity | bitcoin | 7.5

2020-09-10 CVE-2018-17145 Resource Exhaustion vulnerability in multiple products
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS.
5.0

2020-03-16 CVE-2017-12842 Improper Input Validation vulnerability in Bitcoin Core
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur.
network | low complexity | bitcoin CWE-20 | 5.0

2020-03-12 CVE-2018-20586 Improper Encoding or Escaping of Output vulnerability in Bitcoin Core
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
network | bitcoin CWE-116 | 4.3