Vulnerabilities > Bitcoin > Bitcoin Core > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-09 | CVE-2023-50428 | In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. | 5.3 |
2020-09-10 | CVE-2018-17145 | Resource Exhaustion vulnerability in multiple products Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. | 5.0 |
2020-03-16 | CVE-2017-12842 | Improper Input Validation vulnerability in Bitcoin Core Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. | 5.0 |
2020-03-12 | CVE-2018-20586 | Improper Encoding or Escaping of Output vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. | 4.3 |
2020-03-12 | CVE-2017-18350 | Classic Buffer Overflow vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. | 5.9 |
2020-03-12 | CVE-2015-3641 | Unspecified vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. | 5.0 |
2019-09-05 | CVE-2019-15947 | Cleartext Storage of Sensitive Information vulnerability in Bitcoin Core 0.18.0 In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. | 5.0 |
2019-02-11 | CVE-2018-20587 | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. | 5.5 |
2018-07-05 | CVE-2016-10725 | Cryptographic Issues vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. | 5.0 |
2013-09-10 | CVE-2013-5700 | Numeric Errors vulnerability in Bitcoin Bitcoin-Qt and Bitcoin Core The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages. | 5.0 |