Filtered by vendor Bitcoin
Total: 54 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-52922 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 6.5 Medium | In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification. |
CVE-2019-25220 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High | Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it. |
CVE-2015-20111 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 9.8 Critical | miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. |
CVE-2024-52919 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 6.5 Medium | Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. |
CVE-2024-52917 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 6.5 Medium | Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. |
CVE-2024-52912 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High | Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. |
CVE-2024-52920 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. |
CVE-2024-52913 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 5.3 Medium | In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. |
CVE-2024-52916 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High | Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. |
CVE-2024-52915 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. |
CVE-2024-52914 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 7.5 High | In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. |
CVE-2024-52921 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 5.3 Medium | In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. |
CVE-2024-52918 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 6.5 Medium | Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file. |
CVE-2024-35202 | 1 Bitcoin | 1 Bitcoin | 2024-10-15 | 7.5 High | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance. |