Vulnerabilities > Bitcoin > Bitcoin Core > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-07 | CVE-2023-37192 | Missing Encryption of Sensitive Data vulnerability in Bitcoin Core 22.0 Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing. | 7.5 |
| 2023-05-22 | CVE-2023-33297 | Resource Exhaustion vulnerability in Bitcoin Core Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. | 7.5 |
| 2021-01-26 | CVE-2021-3195 | Improper Input Validation vulnerability in Bitcoin Core bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. | 7.5 |
| 2020-09-10 | CVE-2020-14198 | Unspecified vulnerability in Bitcoin Core 0.20.0 Bitcoin Core 0.20.0 allows remote denial of service. | 7.5 |
| 2018-09-19 | CVE-2018-17144 | Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. | 7.5 |
| 2018-07-05 | CVE-2016-10724 | Resource Exhaustion vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. | 7.8 |
| 2013-03-12 | CVE-2013-2292 | Resource Management Errors vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. | 7.8 |
| 2013-03-12 | CVE-2012-4684 | Resource Management Errors vulnerability in Bitcoin products The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert. | 7.8 |
| 2012-08-06 | CVE-2012-1910 | Unspecified vulnerability in Bitcoin Bitcoin-Qt and Bitcoin Core Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages. | 7.5 |
| 2012-08-06 | CVE-2010-5141 | Permissions, Privileges, and Access Controls vulnerability in Bitcoin Core and Wxbitcoin wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors. | 7.5 |