Vulnerabilities > Bitcoin > Bitcoin Core > 0.3.2

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-33297 Resource Exhaustion vulnerability in Bitcoin Core
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
network
low complexity
bitcoin CWE-400
7.5
2021-01-26 CVE-2021-3195 Improper Input Validation vulnerability in Bitcoin Core
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call.
network
low complexity
bitcoin CWE-20
7.5
2020-03-16 CVE-2017-12842 Improper Input Validation vulnerability in Bitcoin Core
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur.
network
low complexity
bitcoin CWE-20
5.0
2020-03-12 CVE-2017-18350 Classic Buffer Overflow vulnerability in Bitcoin Core
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used.
network
high complexity
bitcoin CWE-120
5.9
2020-03-12 CVE-2015-3641 Unspecified vulnerability in Bitcoin Core
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
network
low complexity
bitcoin
5.0
2018-07-05 CVE-2016-10725 Cryptographic Issues vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order.
network
low complexity
bitcoin CWE-310
5.0
2018-07-05 CVE-2016-10724 Resource Exhaustion vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map.
network
low complexity
bitcoin CWE-400
7.8
2013-03-12 CVE-2013-2293 Resource Management Errors vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.
network
low complexity
bitcoin CWE-399
5.0
2013-03-12 CVE-2013-2292 Resource Management Errors vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind
bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
network
low complexity
bitcoin CWE-399
7.8
2012-08-06 CVE-2012-2459 Unspecified vulnerability in Bitcoin Core
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
network
low complexity
bitcoin
5.0