Vulnerabilities > Bitcoin

DATE CVE VULNERABILITY TITLE RISK
2020-09-10 CVE-2020-14198 Unspecified vulnerability in Bitcoin Core 0.20.0
Bitcoin Core 0.20.0 allows remote denial of service.
network
low complexity
bitcoin
5.0
2020-09-10 CVE-2018-17145 Resource Exhaustion vulnerability in multiple products
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS.
5.0
2020-03-16 CVE-2017-12842 Improper Input Validation vulnerability in Bitcoin Core
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur.
network
low complexity
bitcoin CWE-20
5.0
2020-03-12 CVE-2018-20586 Improper Encoding OR Escaping of Output vulnerability in Bitcoin Core
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
network
bitcoin CWE-116
4.3
2020-03-12 CVE-2017-18350 Classic Buffer Overflow vulnerability in Bitcoin Core
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used.
network
bitcoin CWE-120
4.3
2020-03-12 CVE-2015-3641 Unspecified vulnerability in Bitcoin Core
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
network
low complexity
bitcoin
5.0
2019-09-05 CVE-2019-15947 Inadequate Encryption Strength vulnerability in Bitcoin Core 0.18.0
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory.
network
low complexity
bitcoin CWE-326
5.0
2019-02-11 CVE-2018-20587 Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control.
local
low complexity
bitcoin bitcoinknots
2.1
2018-07-05 CVE-2016-10725 Cryptographic Issues vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order.
network
low complexity
bitcoin CWE-310
5.0
2018-07-05 CVE-2016-10724 Resource Exhaustion vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map.
network
low complexity
bitcoin CWE-400
7.8