Product: Bitcoin_core (Bitcoin)

Repositories:
https://github.com/bitcoin/bitcoin
https://github.com/sipa/bitcoin

#Vulnerabilities: 50

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-10 | CVE-2024-35202 | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2019-25220 | Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it. | Bitcoin_core | N/A | | |
| 2024-12-09 | CVE-2024-55563 | Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2024-52912 | Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2024-52913 | In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2024-52914 | In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2024-52915 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2024-52916 | Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2024-52917 | Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. | Bitcoin_core | N/A | | |
| 2024-11-18 | CVE-2024-52919 | Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. | Bitcoin_core | N/A | | |