Vulnerabilities > Bitcoin

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-03-12 | CVE-2017-18350 | Classic Buffer Overflow vulnerability in Bitcoin Core | bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. | bitcoin, CWE-120 | network, high complexity, 5.9 |
| 2020-03-12 | CVE-2015-3641 | Unspecified vulnerability in Bitcoin Core | bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. | bitcoin | network, low complexity, 7.5 |
| 2019-09-05 | CVE-2019-15947 | Cleartext Storage of Sensitive Information vulnerability in Bitcoin Core 0.18.0 | In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. | bitcoin, CWE-312 | network, low complexity, 7.5 |
| 2019-02-11 | CVE-2018-20587 | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. | | bitcoinknots, bitcoin | local, low complexity, 5.5 |
| 2018-09-19 | CVE-2018-17144 | Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. | | bitcoinknots, bitcoin | network, low complexity, 7.5 |
| 2018-07-05 | CVE-2016-10725 | Cryptographic Issues vulnerability in Bitcoin Core | In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. | bitcoin, CWE-310 | network, low complexity, 7.5 |
| 2018-07-05 | CVE-2016-10724 | Resource Exhaustion vulnerability in Bitcoin Core | Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. | bitcoin, CWE-400 | network, low complexity, 7.5 |
| 2017-05-24 | CVE-2017-9230 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Bitcoin | The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. | bitcoin, CWE-338 | network, low complexity, 7.5 |