Vulnerabilities related to bitcoin - bitcoin_core
cve-2013-4627
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 19:41
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_CONFIRM |
cve-2013-2273
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 23:40
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
cve-2010-5141
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 00:16
Summary
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
cve-2017-18350
Vulnerability from cvelistv5
Published
2020-03-12 20:13
Modified
2024-08-05 21:20
Summary
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_MISC |
| https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 | x_refsource_MISC |
cve-2018-17144
Vulnerability from cvelistv5
Published
2018-09-19 08:00
Modified
2024-08-05 10:39
Summary
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144 | x_refsource_MISC |
| https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md | x_refsource_MISC |
| https://bitcoincore.org/en/2018/09/18/release-0.16.3/ | x_refsource_MISC |
| https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md | x_refsource_MISC |
| https://github.com/JinBean/CVE-Extension | x_refsource_MISC |
cve-2012-3789
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 00:46
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
cve-2015-3641
Vulnerability from cvelistv5
Published
2020-03-12 20:42
Modified
2024-08-06 05:47
Summary
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_MISC |
cve-2010-5137
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 23:46
Summary
wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
cve-2023-33297
Vulnerability from cvelistv5
Published
2023-05-22 00:00
Modified
2025-01-28 17:20
Summary
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:36.328Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/issues/27586", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/issues/27623", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/pull/27610", }, { name: "FEDORA-2023-1bae6b7751", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/", }, { name: "FEDORA-2023-3317c9b824", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/", }, { tags: [ "x_transferred", ], url: "https://github.com/visualbasic6/drain", }, { tags: [ "x_transferred", ], url: "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544", }, { tags: [ "x_transferred", ], url: "https://x.com/123456/status/1711601593399828530", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-33297", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: 
"2025-01-28T17:19:49.820806Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T17:20:52.010Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-12T15:25:24.022Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { url: "https://github.com/bitcoin/bitcoin/issues/27586", }, { url: "https://github.com/bitcoin/bitcoin/issues/27623", }, { url: "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md", }, { url: "https://github.com/bitcoin/bitcoin/pull/27610", }, { name: "FEDORA-2023-1bae6b7751", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/", }, { name: "FEDORA-2023-3317c9b824", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/", }, { url: "https://github.com/visualbasic6/drain", }, { url: "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544", }, { url: "https://x.com/123456/status/1711601593399828530", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-33297", datePublished: 
"2023-05-22T00:00:00.000Z", dateReserved: "2023-05-22T00:00:00.000Z", dateUpdated: "2025-01-28T17:20:52.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14198
Vulnerability from cvelistv5
Published
2020-09-10 16:36
Modified
2024-08-04 12:39
Summary
Bitcoin Core 0.20.0 allows remote denial of service.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 | x_refsource_MISC |
| https://github.com/bitcoin/bitcoin/commits/master | x_refsource_MISC |
| https://security.gentoo.org/glsa/202009-18 | vendor-advisory, x_refsource_GENTOO |
cve-2012-4684
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 20:36
Summary
The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/CVE-2012-4684 | x_refsource_CONFIRM
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM
https://bitcointalk.org/index.php?topic=8392.0 | x_refsource_CONFIRM
https://bitcointalk.org/index.php?topic=148109.0 | x_refsource_CONFIRM
cve-2018-20587
Vulnerability from cvelistv5
Published
2019-02-11 12:00
Modified
2024-08-05 12:05
Summary
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587 | x_refsource_MISC
https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b | x_refsource_MISC
cve-2018-20586
Vulnerability from cvelistv5
Published
2020-03-12 20:34
Modified
2024-08-05 12:05
Summary
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586 | x_refsource_MISC
cve-2017-12842
Vulnerability from cvelistv5
Published
2020-03-16 19:42
Modified
2024-08-05 18:51
Summary
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_MISC
https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ | x_refsource_MISC
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html | x_refsource_MISC
cve-2012-4683
Vulnerability from cvelistv5
Published
2012-09-14 23:00
Modified
2024-09-17 03:42
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM
http://www.osvdb.org/85354 | vdb-entry, x_refsource_OSVDB
cve-2013-2292
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 18:29
Summary
bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM
https://bitcointalk.org/?topic=140078 | x_refsource_CONFIRM
cve-2013-2293
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 17:33
Summary
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/CVE-2013-2293 | x_refsource_CONFIRM
https://bitcointalk.org/?topic=144122 | x_refsource_CONFIRM
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM
cve-2010-5139
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 22:35
Summary
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.
References
URL | Tags
---|---
https://bitcointalk.org/index.php?topic=822.0 | x_refsource_CONFIRM
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM
cve-2021-3195
Vulnerability from cvelistv5
Published
2021-01-21 07:48
Modified
2024-08-03 16:45
Summary
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions.
References
URL | Tags
---|---
https://github.com/bitcoin/bitcoin/issues/20866 | x_refsource_MISC
cve-2012-4682
Vulnerability from cvelistv5
Published
2012-09-14 23:00
Modified
2024-09-17 02:11
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683.
References
URL | Tags
---|---
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM
http://www.osvdb.org/85353 | vdb-entry, x_refsource_OSVDB
cve-2019-15947
Vulnerability from cvelistv5
Published
2019-09-05 16:25
Modified
2024-08-05 01:03
Summary
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.
References
| URL | Tags |
|---|---|
| https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b | x_refsource_MISC |
| https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 | x_refsource_MISC |
| https://github.com/bitcoin/bitcoin/issues/16824 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202009-18 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:03:32.586Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/issues/16824", }, { name: "GLSA-202009-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202009-18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. 
If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep \"6231 0500\" command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-30T01:06:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b", }, { tags: [ "x_refsource_MISC", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/bitcoin/bitcoin/issues/16824", }, { name: "GLSA-202009-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202009-18", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15947", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. 
If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep \"6231 0500\" command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b", refsource: "MISC", url: "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b", }, { name: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947", refsource: "MISC", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947", }, { name: "https://github.com/bitcoin/bitcoin/issues/16824", refsource: "MISC", url: "https://github.com/bitcoin/bitcoin/issues/16824", }, { name: "GLSA-202009-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202009-18", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15947", datePublished: "2019-09-05T16:25:23", dateReserved: "2019-09-05T00:00:00", dateUpdated: "2024-08-05T01:03:32.586Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2459
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 17:08
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
References
| URL | Tags |
|---|---|
| https://bugs.gentoo.org/show_bug.cgi?id=415973 | x_refsource_CONFIRM |
| https://bitcointalk.org/?topic=81749 | x_refsource_CONFIRM |
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.774Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=415973", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcointalk.org/?topic=81749", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-06T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=415973", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcointalk.org/?topic=81749", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-2459", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 
0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.gentoo.org/show_bug.cgi?id=415973", refsource: "CONFIRM", url: "https://bugs.gentoo.org/show_bug.cgi?id=415973", }, { name: "https://bitcointalk.org/?topic=81749", refsource: "CONFIRM", url: "https://bitcointalk.org/?topic=81749", }, { name: "https://en.bitcoin.it/wiki/CVEs", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/CVEs", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-2459", datePublished: "2012-08-06T16:00:00Z", dateReserved: "2012-05-07T00:00:00Z", dateUpdated: "2024-09-16T17:08:30.742Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10725
Vulnerability from cvelistv5
Published
2018-07-05 22:00
Modified
2024-08-06 03:30
Summary
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
| URL | Tags |
|---|---|
| https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html | x_refsource_MISC |
| https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_MISC |
| https://github.com/JinBean/CVE-Extension | x_refsource_MISC |
| https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:30:20.160Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/JinBean/CVE-Extension", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-05T00:00:00", descriptions: [ { lang: "en", value: "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). 
This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-17T18:51:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { tags: [ "x_refsource_MISC", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/JinBean/CVE-Extension", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10725", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). 
This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", refsource: "MISC", url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { name: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", refsource: "MISC", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { name: "https://github.com/JinBean/CVE-Extension", refsource: "MISC", url: "https://github.com/JinBean/CVE-Extension", }, { name: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", refsource: "CONFIRM", url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10725", datePublished: "2018-07-05T22:00:00", dateReserved: "2018-06-25T00:00:00", dateUpdated: "2024-08-06T03:30:20.160Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-5140
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 04:04
Summary
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
| http://www.bitcoin.org/smf/index.php?topic=1306.0 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:09:39.173Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.bitcoin.org/smf/index.php?topic=1306.0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-06T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.bitcoin.org/smf/index.php?topic=1306.0", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-5140", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.", }, ], }, problemtype: { 
problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://en.bitcoin.it/wiki/CVEs", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/CVEs", }, { name: "http://www.bitcoin.org/smf/index.php?topic=1306.0", refsource: "CONFIRM", url: "http://www.bitcoin.org/smf/index.php?topic=1306.0", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-5140", datePublished: "2012-08-06T16:00:00Z", dateReserved: "2012-05-29T00:00:00Z", dateUpdated: "2024-09-17T04:04:38.312Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2272
Vulnerability from cvelistv5
Published
2013-03-12 10:00
Modified
2024-09-16 23:05
Summary
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.
References
| URL | Tags |
|---|---|
| https://bitcointalk.org/?topic=135856 | x_refsource_CONFIRM |
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:27:41.146Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcointalk.org/?topic=135856", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-12T10:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcointalk.org/?topic=135856", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-2272", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 
allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bitcointalk.org/?topic=135856", refsource: "CONFIRM", url: "https://bitcointalk.org/?topic=135856", }, { name: "https://en.bitcoin.it/wiki/CVEs", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/CVEs", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-2272", datePublished: "2013-03-12T10:00:00Z", dateReserved: "2013-02-26T00:00:00Z", dateUpdated: "2024-09-16T23:05:38.104Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4165
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 20:12
Summary
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
References
| URL | Tags |
|---|---|
| https://github.com/bitcoin/bitcoin/issues/2838 | x_refsource_MISC |
| http://openwall.com/lists/oss-security/2013/07/25/5 | mailing-list, x_refsource_MLIST |
| https://github.com/bitcoin/bitcoin/pull/2845 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.572Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/issues/2838", }, { name: "[oss-security] 20130725 Re: CVE request: timing leak in bitcoind", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2013/07/25/5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/pull/2845", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-01T16:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/bitcoin/bitcoin/issues/2838", }, { name: "[oss-security] 20130725 Re: CVE request: timing leak in bitcoind", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2013/07/25/5", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/bitcoin/bitcoin/pull/2845", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4165", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: 
"CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bitcoin/bitcoin/issues/2838", refsource: "MISC", url: "https://github.com/bitcoin/bitcoin/issues/2838", }, { name: "[oss-security] 20130725 Re: CVE request: timing leak in bitcoind", refsource: "MLIST", url: "http://openwall.com/lists/oss-security/2013/07/25/5", }, { name: "https://github.com/bitcoin/bitcoin/pull/2845", refsource: "MISC", url: "https://github.com/bitcoin/bitcoin/pull/2845", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4165", datePublished: "2013-08-01T16:00:00Z", dateReserved: "2013-06-12T00:00:00Z", dateUpdated: "2024-09-16T20:12:33.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-1910
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-16 23:16
Summary
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.
References
| URL | Tags |
|---|---|
| https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831 | x_refsource_CONFIRM |
| https://bitcointalk.org/index.php?topic=69120.0 | x_refsource_CONFIRM |
| http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html | x_refsource_CONFIRM |
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:17:27.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcointalk.org/index.php?topic=69120.0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-06T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcointalk.org/index.php?topic=69120.0", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-1910", STATE: "PUBLIC", }, affects: { vendor: { 
vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831", refsource: "CONFIRM", url: "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831", }, { name: "https://bitcointalk.org/index.php?topic=69120.0", refsource: "CONFIRM", url: "https://bitcointalk.org/index.php?topic=69120.0", }, { name: "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html", refsource: "CONFIRM", url: "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html", }, { name: "https://en.bitcoin.it/wiki/CVEs", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/CVEs", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-1910", datePublished: "2012-08-06T16:00:00Z", dateReserved: "2012-03-26T00:00:00Z", dateUpdated: "2024-09-16T23:16:22.803Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50428
Vulnerability from cvelistv5
Published
2023-12-09 00:00
Modified
2024-08-02 22:16
Summary
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:16:46.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_transferred", ], url: "https://twitter.com/LukeDashjr/status/1732204937466032285", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/tags", }, { tags: [ "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. 
NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-04T16:57:05.960073", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { url: "https://twitter.com/LukeDashjr/status/1732204937466032285", }, { url: "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799", }, { url: "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md", }, { url: "https://github.com/bitcoin/bitcoin/tags", }, { url: "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-50428", datePublished: "2023-12-09T00:00:00", dateReserved: "2023-12-09T00:00:00", dateUpdated: "2024-08-02T22:16:46.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-5138
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 02:11
Summary
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
| URL | Tags |
|---|---|
| https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:09:38.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-06T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-5138", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://en.bitcoin.it/wiki/CVEs", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/CVEs", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-5138", datePublished: "2012-08-06T16:00:00Z", dateReserved: 
"2012-05-29T00:00:00Z", dateUpdated: "2024-09-17T02:11:46.037Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-3219
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 23:10
Summary
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions.
References
URL | Tags |
---|---|
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_CONFIRM |
https://en.bitcoin.it/wiki/BIP_0050 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:00:10.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-01T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-3219", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product 
versions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { name: "https://en.bitcoin.it/wiki/BIP_0050", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/BIP_0050", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-3219", datePublished: "2013-08-01T16:00:00Z", dateReserved: "2013-04-20T00:00:00Z", dateUpdated: "2024-09-16T23:10:47.528Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-3220
Vulnerability from cvelistv5
Published
2013-08-01 16:00
Modified
2024-09-16 22:24
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.
References
URL | Tags |
---|---|
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_CONFIRM |
https://en.bitcoin.it/wiki/BIP_0050 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:00:10.141Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-01T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-3220", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly 
consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { name: "https://en.bitcoin.it/wiki/BIP_0050", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/BIP_0050", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-3220", datePublished: "2013-08-01T16:00:00Z", dateReserved: "2013-04-20T00:00:00Z", dateUpdated: "2024-09-16T22:24:42.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-1909
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 00:31
Summary
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.
References
URL | Tags |
---|---|
https://en.bitcoin.it/wiki/BIP_0030 | x_refsource_CONFIRM |
https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531 | x_refsource_CONFIRM |
http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development | mailing-list, x_refsource_MLIST |
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
https://bugs.gentoo.org/show_bug.cgi?id=407793 | x_refsource_CONFIRM |
https://bitcointalk.org/index.php?topic=67738.0 | x_refsource_CONFIRM |
http://r6.ca/blog/20120206T005236Z.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:17:27.004Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/BIP_0030", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531", }, { name: "[bitcoin-development] 20120228 Duplicate transactions vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=407793", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcointalk.org/index.php?topic=67738.0", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://r6.ca/blog/20120206T005236Z.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-06T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/BIP_0030", }, { tags: 
[ "x_refsource_CONFIRM", ], url: "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531", }, { name: "[bitcoin-development] 20120228 Duplicate transactions vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=407793", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcointalk.org/index.php?topic=67738.0", }, { tags: [ "x_refsource_MISC", ], url: "http://r6.ca/blog/20120206T005236Z.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-1909", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://en.bitcoin.it/wiki/BIP_0030", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/BIP_0030", }, { name: "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531", refsource: "CONFIRM", url: "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531", }, { name: 
"[bitcoin-development] 20120228 Duplicate transactions vulnerability", refsource: "MLIST", url: "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development", }, { name: "https://en.bitcoin.it/wiki/CVEs", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/CVEs", }, { name: "https://bugs.gentoo.org/show_bug.cgi?id=407793", refsource: "CONFIRM", url: "https://bugs.gentoo.org/show_bug.cgi?id=407793", }, { name: "https://bitcointalk.org/index.php?topic=67738.0", refsource: "CONFIRM", url: "https://bitcointalk.org/index.php?topic=67738.0", }, { name: "http://r6.ca/blog/20120206T005236Z.html", refsource: "MISC", url: "http://r6.ca/blog/20120206T005236Z.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-1909", datePublished: "2012-08-06T16:00:00Z", dateReserved: "2012-03-26T00:00:00Z", dateUpdated: "2024-09-17T00:31:19.043Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4447
Vulnerability from cvelistv5
Published
2012-08-06 16:00
Modified
2024-09-17 01:51
Summary
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
References
URL | Tags |
---|---|
https://bitcointalk.org/index.php?topic=51604.0 | x_refsource_CONFIRM |
https://en.bitcoin.it/wiki/CVEs | x_refsource_CONFIRM |
https://bitcointalk.org/index.php?topic=51474.0 | x_refsource_CONFIRM |
http://bitcoin.org/releases/2011/11/21/v0.5.0.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:09:18.407Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcointalk.org/index.php?topic=51604.0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcointalk.org/index.php?topic=51474.0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bitcoin.org/releases/2011/11/21/v0.5.0.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The \"encrypt wallet\" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-06T16:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcointalk.org/index.php?topic=51604.0", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcointalk.org/index.php?topic=51474.0", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bitcoin.org/releases/2011/11/21/v0.5.0.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-4447", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, 
], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The \"encrypt wallet\" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bitcointalk.org/index.php?topic=51604.0", refsource: "CONFIRM", url: "https://bitcointalk.org/index.php?topic=51604.0", }, { name: "https://en.bitcoin.it/wiki/CVEs", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/CVEs", }, { name: "https://bitcointalk.org/index.php?topic=51474.0", refsource: "CONFIRM", url: "https://bitcointalk.org/index.php?topic=51474.0", }, { name: "http://bitcoin.org/releases/2011/11/21/v0.5.0.html", refsource: "CONFIRM", url: "http://bitcoin.org/releases/2011/11/21/v0.5.0.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-4447", datePublished: "2012-08-06T16:00:00Z", dateReserved: "2011-11-14T00:00:00Z", dateUpdated: "2024-09-17T01:51:06.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37192
Vulnerability from cvelistv5
Published
2023-07-06 00:00
Modified
2024-11-20 19:46
Summary
Memory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bitcoin.org/en/bitcoin-core/", }, { tags: [ "x_transferred", ], url: "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html", }, { tags: [ "x_transferred", ], url: "https://www.youtube.com/watch?v=oEl4M1oZim0", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37192", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T19:46:47.051852Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T19:46:59.561Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-06T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bitcoin.org/en/bitcoin-core/", }, { url: "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html", }, { url: "https://www.youtube.com/watch?v=oEl4M1oZim0", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37192", datePublished: "2023-07-06T00:00:00", dateReserved: "2023-06-28T00:00:00", dateUpdated: 
"2024-11-20T19:46:59.561Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-5700
Vulnerability from cvelistv5
Published
2013-09-10 10:00
Modified
2024-09-16 19:55
Summary
The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.
References
URL | Tags |
---|---|
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_CONFIRM |
https://bitcointalk.org/index.php?topic=287351 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:22:29.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcointalk.org/index.php?topic=287351", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-09-10T10:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcointalk.org/index.php?topic=287351", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-5700", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, 
references: { reference_data: [ { name: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", refsource: "CONFIRM", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { name: "https://bitcointalk.org/index.php?topic=287351", refsource: "CONFIRM", url: "https://bitcointalk.org/index.php?topic=287351", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-5700", datePublished: "2013-09-10T10:00:00Z", dateReserved: "2013-09-05T00:00:00Z", dateUpdated: "2024-09-16T19:55:45.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-17145
Vulnerability from cvelistv5
Published
2020-09-10 16:32
Modified
2024-08-05 10:39
Summary
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.
References
URL | Tags |
---|---|
https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md | x_refsource_MISC |
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 | x_refsource_MISC |
https://invdos.net/paper/CVE-2018-17145.pdf | x_refsource_CONFIRM |
https://invdos.net | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:39:59.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://invdos.net/paper/CVE-2018-17145.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://invdos.net", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. 
NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-10T16:32:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md", }, { tags: [ "x_refsource_MISC", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://invdos.net/paper/CVE-2018-17145.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://invdos.net", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-17145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. 
NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md", refsource: "MISC", url: "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md", }, { name: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145", refsource: "MISC", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145", }, { name: "https://invdos.net/paper/CVE-2018-17145.pdf", refsource: "CONFIRM", url: "https://invdos.net/paper/CVE-2018-17145.pdf", }, { name: "https://invdos.net", refsource: "CONFIRM", url: "https://invdos.net", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-17145", datePublished: "2020-09-10T16:32:13", dateReserved: "2018-09-18T00:00:00", dateUpdated: "2024-08-05T10:39:59.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10724
Vulnerability from cvelistv5
Published
2018-07-05 22:00
Modified
2024-08-06 03:30
Summary
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
URL | Tags |
---|---|
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html | x_refsource_MISC |
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures | x_refsource_MISC |
https://github.com/JinBean/CVE-Extension | x_refsource_MISC |
https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:30:20.178Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/JinBean/CVE-Extension", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-05T00:00:00", descriptions: [ { lang: "en", value: "Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. 
This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-17T18:45:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { tags: [ "x_refsource_MISC", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/JinBean/CVE-Extension", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10724", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. 
This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", refsource: "MISC", url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { name: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", refsource: "MISC", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { name: "https://github.com/JinBean/CVE-Extension", refsource: "MISC", url: "https://github.com/JinBean/CVE-Extension", }, { name: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", refsource: "CONFIRM", url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10724", datePublished: "2018-07-05T22:00:00", dateReserved: "2018-06-24T00:00:00", dateUpdated: "2024-08-06T03:30:20.178Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:38
Summary
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.
Impacted products
Vendor | Product | Version
---|---|---
bitcoin | bitcoin-qt | 0.5.0
bitcoin | bitcoin-qt | 0.5.0.4
bitcoin | bitcoin-qt | 0.5.1
bitcoin | bitcoin-qt | 0.5.3.0
bitcoin | bitcoin_core | 0.5.0
bitcoin | bitcoin_core | 0.5.1
bitcoin | bitcoin_core | 0.5.2
bitcoin | bitcoin_core | 0.6.0
bitcoin | bitcoin_core | 0.6.0
bitcoin | bitcoin_core | 0.6.0
microsoft | windows | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "27CD6BDE-3732-4863-B855-A0FD022DD62F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20635DAC-54CF-48C4-979A-7E909A985093", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "0264EBF9-C104-49C5-9F43-E0CCC73154B7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2233FD0-6F87-4B8B-BDC9-C633F428BA62", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "9B27520D-C703-4A15-8C8E-A6250C468ED2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8B4715C1-22BF-495B-BA99-B4D7D64B5BD0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.2:*:*:*:*:*:*:*", matchCriteriaId: "D7E79FF3-C56B-4A19-8AE3-4DDA64AC7BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "EDE5CA7E-C9F2-47ED-9F89-32AC8D664824", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc1:*:*:*:*:*:*", matchCriteriaId: "A292912B-A5F1-4F90-81E6-0A3CA69166D3", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc3:*:*:*:*:*:*", matchCriteriaId: "7F27334D-1CD6-4002-A5E4-9DA9F21E6FF1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to 
cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.", }, { lang: "es", value: "Bitcoin-Qt 0.5.0.x anterior a 0.5.0.5; 0.5.1.x, 0.5.2.x, y 0.5.3.x anterior a 0.5.3.1; y 0.6.x anterior a 0.6.0rc4 sobre Windows no utiliza ningún manejador de excepciones MinGW multithread-safe, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución arbitrario de código a través de mensajes del protocolo de Bitcoin.", }, ], id: "CVE-2012-1910", lastModified: "2024-11-21T01:38:01.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:01.773", references: [ { source: "cve@mitre.org", url: "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html", }, { source: "cve@mitre.org", url: "https://bitcointalk.org/index.php?topic=69120.0", }, { source: "cve@mitre.org", url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/index.php?topic=69120.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/CVEs", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:22
Summary
wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
bitcoin | bitcoin_core | *
bitcoin | wxbitcoin | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "55AA4A6A-8435-4AB6-B0ED-67FBE5BD8DFE", versionEndIncluding: "0.3.4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*", matchCriteriaId: "5EC0E465-8C7C-40F9-BFB9-77BA8B36D479", versionEndIncluding: "0.3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode.", }, { lang: "es", value: "wxBitcoin y bitcoind anteriores a v0.3.5 permite a atacantes remotos causar una denegación de servicio (caída del demonio) a través de una transacción Bitcoin que contiene un código de operación secuencia de comandos OP_LSHIFT.", }, ], id: "CVE-2010-5137", lastModified: "2024-11-21T01:22:32.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:00.977", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-19 08:29
Modified
2024-11-21 03:53
Summary
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
Impacted products
Vendor | Product | Version
---|---|---
bitcoin | bitcoin_core | *
bitcoin | bitcoin_core | *
bitcoin | bitcoin_core | *
bitcoinknots | bitcoin_knots | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "4B631450-47D0-4BE4-8A80-CBAC0ED15B79", versionEndExcluding: "0.14.3", versionStartIncluding: "0.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "7644C16B-2B66-4A66-BAB3-923D7BB1A9A3", versionEndExcluding: "0.15.2", versionStartIncluding: "0.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5F1D9C-B758-4A43-B59E-D9E436804EC0", versionEndExcluding: "0.16.3", versionStartIncluding: "0.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*", matchCriteriaId: "CB243061-9C18-44FD-ABAD-0759DCFC2E42", versionEndExcluding: "0.16.3", versionStartIncluding: "0.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.", }, { lang: "es", value: "Bitcoin Core en versiones 0.14.x anteriores a la 0.14.3, 0.15.x anteriores a la 0.15.2 y 0.16.x anteriores a la 0.16.3 y Bitcoin Knots desde las versiones 0.14.x hasta las 0.16.x anteriores a la 0.16.3 permiten una denegación remota de servicio (cierre inesperado de la aplicación) explotable por mineros mediante entradas duplicadas. 
Un atacante puede provocar el cierre inesperado de bitcoind o de Bitcoin-Qt.", }, ], id: "CVE-2018-17144", lastModified: "2024-11-21T03:53:57.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-19T08:29:00.333", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://bitcoincore.org/en/2018/09/18/release-0.16.3/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/JinBean/CVE-Extension", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://bitcoincore.org/en/2018/09/18/release-0.16.3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/JinBean/CVE-Extension", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/blob/v0.16.3/doc/release-notes.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-10 17:15
Modified
2024-11-21 03:53
Summary
Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 | Vendor Advisory
cve@mitre.org | https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md | Release Notes, Third Party Advisory
cve@mitre.org | https://invdos.net | Third Party Advisory
cve@mitre.org | https://invdos.net/paper/CVE-2018-17145.pdf | Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://invdos.net | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://invdos.net/paper/CVE-2018-17145.pdf | Exploit, Technical Description, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
bcoin | bcoin | *
bitcoin | bitcoin_core | *
bitcoinknots | bitcoin_knots | *
btcd_project | btcd | 0.3.0
btcd_project | btcd | 0.3.1
btcd_project | btcd | 0.3.2
btcd_project | btcd | 0.3.3
btcd_project | btcd | 0.4.0
btcd_project | btcd | 0.5.0
btcd_project | btcd | 0.6.0
btcd_project | btcd | 0.7.0
btcd_project | btcd | 0.8.0
btcd_project | btcd | 0.9.0
btcd_project | btcd | 0.10.0
btcd_project | btcd | 0.11.0
btcd_project | btcd | 0.11.1
btcd_project | btcd | 0.12.0
btcd_project | btcd | 0.13.0
btcd_project | btcd | 0.13.0
btcd_project | btcd | 0.20.0
btcd_project | btcd | 0.20.1
decred | dcrd | *
litecoin | litecoin | *
namecoin | namecoin_core | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bcoin:bcoin:*:*:*:*:*:*:*:*", matchCriteriaId: "1D47D52B-8C16-4A9C-ADFC-92B0C8C4C7E2", versionEndExcluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "54E8DE3C-5E58-4BAB-8C28-EC7CF9749B0B", versionEndExcluding: "0.16.2", versionStartIncluding: "0.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*", matchCriteriaId: "2BD003E0-D891-4340-9818-7231219F72B0", versionEndExcluding: "0.16.2", versionStartIncluding: "0.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.3.0:alpha:*:*:*:*:*:*", matchCriteriaId: "F24D4ED2-623F-44E4-9BE7-E8F4004A26B6", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.3.1:alpha:*:*:*:*:*:*", matchCriteriaId: "DFA56887-43B2-4831-883C-D4E9C3B2AD2F", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.3.2:alpha:*:*:*:*:*:*", matchCriteriaId: "8701A58C-A87A-42DD-B841-960246BE486A", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.3.3:alpha:*:*:*:*:*:*", matchCriteriaId: "6B066ACB-83C2-4678-AFAA-0C1A9AA592E7", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.4.0:alpha:*:*:*:*:*:*", matchCriteriaId: "C036F3F2-A5ED-47BA-B98C-08788C8E390B", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.5.0:alpha:*:*:*:*:*:*", matchCriteriaId: "CB365F56-5FD5-4C2C-9E37-0352A981C427", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.6.0:alpha:*:*:*:*:*:*", matchCriteriaId: "F02ECCBD-18C8-4CF9-9611-55454506EA8F", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.7.0:alpha:*:*:*:*:*:*", matchCriteriaId: "81BA7357-679A-4950-A38F-56E4423339FE", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.8.0:beta:*:*:*:*:*:*", matchCriteriaId: "117660E8-0A79-4558-88C6-00B96C896967", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.9.0:beta:*:*:*:*:*:*", 
matchCriteriaId: "82BC5866-F639-47E1-A083-F383A9E40E18", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.10.0:beta:*:*:*:*:*:*", matchCriteriaId: "CB7F92D5-42D4-4EFD-929A-15ADC79A79CF", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.11.0:beta:*:*:*:*:*:*", matchCriteriaId: "E386CD33-130A-4064-8112-4B492E7A437F", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.11.1:beta:*:*:*:*:*:*", matchCriteriaId: "4F0976B7-1D89-41A3-AA8C-035A0646B3FC", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.12.0:beta:*:*:*:*:*:*", matchCriteriaId: "6FFE3B5E-B0FD-469E-AFB6-E5E77964ED4C", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.13.0:beta:*:*:*:*:*:*", matchCriteriaId: "5D6EBD54-5A03-4022-BE66-D3F380CAFADD", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.13.0:beta2:*:*:*:*:*:*", matchCriteriaId: "08F558B9-DAD3-47B0-A56B-F574CAC36CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.20.0:beta:*:*:*:*:*:*", matchCriteriaId: "00C62A96-3EBC-4FA4-8BF1-718F5E6B3A91", vulnerable: true, }, { criteria: "cpe:2.3:a:btcd_project:btcd:0.20.1:beta:*:*:*:*:*:*", matchCriteriaId: "029A3CB7-0076-4908-9EA7-127F549739A0", vulnerable: true, }, { criteria: "cpe:2.3:a:decred:dcrd:*:*:*:*:*:*:*:*", matchCriteriaId: "257D3613-4A8C-4C78-A219-85793EE29132", versionEndExcluding: "1.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:litecoin:litecoin:*:*:*:*:*:*:*:*", matchCriteriaId: "265C6B30-51DA-45FD-9637-7BA9DFDD27AB", versionEndExcluding: "0.16.2", versionStartIncluding: "0.16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:namecoin:namecoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "30BE44E8-2ADB-4F7B-855E-9539AD459278", versionEndExcluding: "0.16.2", versionStartIncluding: "0.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of 
service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15.", }, { lang: "es", value: "Bitcoin Core versiones 0.16.x anteriores a 0.16.2 y Bitcoin Knots versiones 0.16.x anteriores a 0.16.2, permite la denegación de servicio remota por medio de una avalancha de mensajes inv de transacciones múltiples con hashes aleatorios, también se conoce como INVDoS. NOTA: esto también puede afectar a otras criptomonedas, por ejemplo, si se bifurcaron desde Bitcoin Core después del 15/11/2017", }, ], id: "CVE-2018-17145", lastModified: "2024-11-21T03:53:57.297", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-10T17:15:25.767", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: 
"https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://invdos.net", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://invdos.net/paper/CVE-2018-17145.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/blob/v0.16.2/doc/release-notes.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://invdos.net", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://invdos.net/paper/CVE-2018-17145.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2024-11-21 01:55
Summary
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
Impacted products
Vendor | Product | Version
---|---|---
bitcoin | bitcoin_core | 0.8.1
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "53B8A243-3A29-4E36-9974-6C19D944E9ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.", }, { lang: "es", value: "La función HTTPAuthorized en bitcoinrpc.cpp en bitcoind 0.8.1, ofrece información acerca del fallo de autenticación incluso detectando el primer byte incorrecto de la contraseña, lo que facilita a atacantes remotos el determinar las contraseñas mediante un ataque del tipo \"timing side-channel\".", }, ], id: "CVE-2013-4165", lastModified: "2024-11-21T01:55:00.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-02T12:10:40.487", references: [ { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2013/07/25/5", }, { source: "secalert@redhat.com", url: "https://github.com/bitcoin/bitcoin/issues/2838", }, { source: "secalert@redhat.com", url: "https://github.com/bitcoin/bitcoin/pull/2845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2013/07/25/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://github.com/bitcoin/bitcoin/issues/2838", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/bitcoin/bitcoin/pull/2845", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2024-11-21 01:51
Summary
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:*:rc4:*:*:*:*:*:*", matchCriteriaId: "E080E161-2DAC-4C34-8398-DDD146506DB8", versionEndIncluding: "0.4.8", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*", matchCriteriaId: "107C630C-68AD-478B-9206-403CCEAE9B90", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "27CD6BDE-3732-4863-B855-A0FD022DD62F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20635DAC-54CF-48C4-979A-7E909A985093", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "0264EBF9-C104-49C5-9F43-E0CCC73154B7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2233FD0-6F87-4B8B-BDC9-C633F428BA62", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "80FA08FC-3D57-467B-838B-FDF1E67BF609", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "1DB1A621-F271-4120-A642-CAC3D09232AD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "8D758886-F560-4FF6-88DA-C5EEBAACA20F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F473942D-1B5B-4348-9896-9828976A3C00", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "A56DE917-D389-4D60-8586-D4F1DEB9012A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "32A19BEA-853D-4727-B456-FCBAFF36CDD7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", 
matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "03E74F91-82C2-435C-BB20-3FF25E431B4B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4FEB8A5B-52A4-4D67-8472-46399998C4E0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*", matchCriteriaId: "148CF2B0-2C70-47B9-9547-382AE458DCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "08AF597D-8BBD-44FE-B0C9-8B03B0350F74", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A4381211-305A-4FAD-BD0F-56513F153958", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*", matchCriteriaId: "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3D079E05-C980-4257-9B39-D0750BF318D5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B3013254-B002-4F67-B6A0-747F9F82250E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "27283E3F-E88A-45ED-8BFA-C9C6A09EA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*", matchCriteriaId: 
"B99F940E-EF59-4150-B980-0C70DC5995DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9F5744C1-16A1-4617-B3D0-90305DD0C145", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B323C69A-C343-4FF3-BA70-2449A9083907", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA3817C-4DC0-4867-8DD9-7B912602C80E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AAD1B466-3E8D-4179-8AEE-07E51B04D396", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:*:rc4:*:*:*:*:*:*", matchCriteriaId: "F0EC3A7C-D203-459E-8F03-3E0E859CB7FE", versionEndIncluding: "0.4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "0430A512-206A-4143-AC5F-C3E0AF19AD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "D29BF4F1-A79D-4AED-8D1A-59C58093F621", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "57E4D76A-A84C-49F5-BDED-F64BB4C49972", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*", matchCriteriaId: "3E64AEBF-988A-476E-9275-8B42C66F7101", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "D062707E-A0FC-4A89-A59B-D68EFAFA8683", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "9979189E-737C-48F1-BBB3-2E878EC4D4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], 
descriptions: [ { lang: "en", value: "The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.", }, { lang: "es", value: "El mecanismo de protección \"penny-flooding\" en el método CTxMemPool::accept en bitcoind and Bitcoin-Qt before v0.4.9rc1, v0.5.x anterior a v0.5.8rc1, v0.6.0 anterior a v0.6.0.11rc1, v0.6.1 hasta v0.6.5 anterior a v0.6.5rc1, y v0.7.x anterior a v0.7.3rc1 permite a atacantes remotos determinar asociaciones entre \"wallet addresses\" y direcciones IP mediante una serie de transacciones Bitcoin con insuficientes tasas.", }, ], id: "CVE-2013-2272", lastModified: "2024-11-21T01:51:22.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-12T11:28:18.337", references: [ { source: "cve@mitre.org", url: "https://bitcointalk.org/?topic=135856", }, { source: "cve@mitre.org", url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/?topic=135856", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], 
source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2024-11-21 01:53
Summary
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | 0.8.0 |
bitcoin | bitcoin_core | 0.8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:*:*:*:*:*:*:*", matchCriteriaId: "F1FB8897-6ABE-48D4-A917-571342DF93FB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:rc1:*:*:*:*:*:*", matchCriteriaId: "DA424B29-2C7E-49FB-AA7B-F27F0489EB63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions.", }, { lang: "es", value: "bitcoind y Bitcoin-Qt 0.8.x anterior a 0.8.1, no refuerza un regla de bloqueo determinada, lo que permite a atacantes remotos evitar las restricciones de acceso y llevar a cabo ataques de \"double-spending\" a través de un gran bloque que provoca un cierre incorrecto de Berkeley DB en versiones antiguas del software.", }, ], id: "CVE-2013-3219", lastModified: "2024-11-21T01:53:11.970", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-02T12:10:40.460", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-14 23:55
Modified
2024-11-21 01:43
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.", }, { lang: "es", value: "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt permite atacantes provocar una denegación de servicio a través de vectores desconocidos, es una vulnerabilidad distinta a CVE-2012-4682.", }, ], id: "CVE-2012-4683", lastModified: "2024-11-21T01:43:20.927", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-09-14T23:55:15.183", references: [ { source: "cve@mitre.org", url: "http://www.osvdb.org/85354", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/85354", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2024-11-21 01:51
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:*:rc4:*:*:*:*:*:*", matchCriteriaId: "E080E161-2DAC-4C34-8398-DDD146506DB8", versionEndIncluding: "0.4.8", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*", matchCriteriaId: "107C630C-68AD-478B-9206-403CCEAE9B90", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "27CD6BDE-3732-4863-B855-A0FD022DD62F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20635DAC-54CF-48C4-979A-7E909A985093", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "0264EBF9-C104-49C5-9F43-E0CCC73154B7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2233FD0-6F87-4B8B-BDC9-C633F428BA62", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "80FA08FC-3D57-467B-838B-FDF1E67BF609", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "1DB1A621-F271-4120-A642-CAC3D09232AD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "8D758886-F560-4FF6-88DA-C5EEBAACA20F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F473942D-1B5B-4348-9896-9828976A3C00", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "A56DE917-D389-4D60-8586-D4F1DEB9012A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "32A19BEA-853D-4727-B456-FCBAFF36CDD7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", 
matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "03E74F91-82C2-435C-BB20-3FF25E431B4B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4FEB8A5B-52A4-4D67-8472-46399998C4E0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*", matchCriteriaId: "148CF2B0-2C70-47B9-9547-382AE458DCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "08AF597D-8BBD-44FE-B0C9-8B03B0350F74", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A4381211-305A-4FAD-BD0F-56513F153958", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*", matchCriteriaId: "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3D079E05-C980-4257-9B39-D0750BF318D5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B3013254-B002-4F67-B6A0-747F9F82250E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "27283E3F-E88A-45ED-8BFA-C9C6A09EA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*", matchCriteriaId: 
"B99F940E-EF59-4150-B980-0C70DC5995DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9F5744C1-16A1-4617-B3D0-90305DD0C145", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B323C69A-C343-4FF3-BA70-2449A9083907", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA3817C-4DC0-4867-8DD9-7B912602C80E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AAD1B466-3E8D-4179-8AEE-07E51B04D396", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:*:rc4:*:*:*:*:*:*", matchCriteriaId: "F0EC3A7C-D203-459E-8F03-3E0E859CB7FE", versionEndIncluding: "0.4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "0430A512-206A-4143-AC5F-C3E0AF19AD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "D29BF4F1-A79D-4AED-8D1A-59C58093F621", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "57E4D76A-A84C-49F5-BDED-F64BB4C49972", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*", matchCriteriaId: "3E64AEBF-988A-476E-9275-8B42C66F7101", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "D062707E-A0FC-4A89-A59B-D68EFAFA8683", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "9979189E-737C-48F1-BBB3-2E878EC4D4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], 
descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction.", }, { lang: "es", value: "bitcoind y Bitcoin-Qt anterior a v0.4.9rc1, v0.5.x anterior a v0.5.8rc1, v0.6.0 anterior a v0.6.0.11rc1, v0.6.1 hasta v0.6.5 anterior a v0.6.5rc1, y v0.7.x anterior a v0.7.3rc1 hacen más fácil para atacantes remotos obtener información sensible sobre el cambio devuelto al aprovechar cierta previsibilidad en los resultados de una operación de Bitcoin.", }, ], id: "CVE-2013-2273", lastModified: "2024-11-21T01:51:23.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-12T11:28:18.357", references: [ { source: "cve@mitre.org", url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 21:15
Modified
2024-11-21 03:19
Summary
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "C2ED1826-FB8C-42AD-9D4C-A62FBDC99D62", versionEndExcluding: "0.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.", }, { lang: "es", value: "bitcoind y Bitcoin-Qt versiones anteriores a 0.15.1, presentan un desbordamiento de búfer en la región stack de la memoria si es usado un servidor proxy SOCKS controlado por el atacante. Esto resulta de un error de la propiedad signedness de enteros cuando el servidor proxy responde con el reconocimiento de un nombre de dominio de destino inesperado.", }, ], id: "CVE-2017-18350", lastModified: "2024-11-21T03:19:54.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: 
"Primary", }, ], }, published: "2020-03-12T21:15:12.373", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "cve@mitre.org", url: "https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-11 12:29
Modified
2024-11-21 04:01
Summary
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
bitcoinknots | bitcoin_knots | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "529F2E93-27AA-42A9-A853-BE1AFA4EFE6E", versionEndIncluding: "0.17.1", versionStartIncluding: "0.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*", matchCriteriaId: "B3AD00B7-0C92-426F-8404-6C206C78BF5B", versionEndIncluding: "0.17.0", versionStartIncluding: "0.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.", }, { lang: "es", value: "Bitcoin Core, desde la versión 0.12.0 hasta la 0.17.1 y Bitcoin Knots, desde la versión 0.12.0 hasta la 0.17.x antes de la 0.17.1.knots20181229 tienen un control de acceso incorrecto. 
Los usuarios locales pueden explotar esta vulnerabilidad para robar dinero enlazando el puerto localhost IPv4 RPC y reenviando peticiones al puerto localhost IPv6.", }, ], id: "CVE-2018-20587", lastModified: "2024-11-21T04:01:47.563", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-11T12:29:00.250", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587", }, { source: "cve@mitre.org", url: "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-10 17:15
Modified
2024-11-21 05:02
Summary
Bitcoin Core 0.20.0 allows remote denial of service.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 | Vendor Advisory |
cve@mitre.org | https://github.com/bitcoin/bitcoin/commits/master | Patch, Third Party Advisory |
cve@mitre.org | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/commits/master | Patch, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | 0.20.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.20.0:-:*:*:*:*:*:*", matchCriteriaId: "A00FFD36-B9BC-4577-8DA8-0A746F4E1F7A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin Core 0.20.0 allows remote denial of service.", }, { lang: "es", value: "Bitcoin Core versión 0.20.0, permite una denegación de servicio remota", }, ], id: "CVE-2020-14198", lastModified: "2024-11-21T05:02:51.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-10T17:15:28.860", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/commits/master", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202009-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/commits/master", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202009-18", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-09 19:15
Modified
2024-11-21 08:36
Summary
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
bitcoinknots | bitcoin_knots | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "B1179DE7-9710-433D-83B8-0CE1A7CC8BF7", versionEndIncluding: "26.0", versionStartIncluding: "0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoinknots:bitcoin_knots:*:*:*:*:*:*:*:*", matchCriteriaId: "42AEEA35-5598-4E0A-B693-5D0918ED30B7", versionEndExcluding: "25.1", versionStartIncluding: "0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\"", }, { lang: "es", value: "En Bitcoin Core hasta 26.0 y Bitcoin Knots anteriores a 25.1.knots20231115, los límites de tamaño del portador de datos se pueden eludir ofuscando los datos como código (por ejemplo, con OP_FALSE OP_IF), tal como lo explotó Inscriptions en 2022 y 2023.", }, ], id: "CVE-2023-50428", lastModified: "2024-11-21T08:36:57.957", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-09T19:15:07.977", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "cve@mitre.org", 
url: "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/bitcoin/bitcoin/tags", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://twitter.com/LukeDashjr/status/1732204937466032285", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/bitcoin/bitcoin/tags", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://twitter.com/LukeDashjr/status/1732204937466032285", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2024-11-21 01:51
Summary
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*", matchCriteriaId: "107C630C-68AD-478B-9206-403CCEAE9B90", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4.8:rc4:*:*:*:*:*:*", matchCriteriaId: "F567F467-E340-4BBA-9D42-DC3445EE09DC", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "27CD6BDE-3732-4863-B855-A0FD022DD62F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20635DAC-54CF-48C4-979A-7E909A985093", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "0264EBF9-C104-49C5-9F43-E0CCC73154B7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2233FD0-6F87-4B8B-BDC9-C633F428BA62", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "80FA08FC-3D57-467B-838B-FDF1E67BF609", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "1DB1A621-F271-4120-A642-CAC3D09232AD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "8D758886-F560-4FF6-88DA-C5EEBAACA20F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F473942D-1B5B-4348-9896-9828976A3C00", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "A56DE917-D389-4D60-8586-D4F1DEB9012A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "AA342670-9FC6-48C8-91B7-04019D2219A2", versionEndIncluding: "0.7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", 
matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "03E74F91-82C2-435C-BB20-3FF25E431B4B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4FEB8A5B-52A4-4D67-8472-46399998C4E0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*", matchCriteriaId: "148CF2B0-2C70-47B9-9547-382AE458DCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "08AF597D-8BBD-44FE-B0C9-8B03B0350F74", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A4381211-305A-4FAD-BD0F-56513F153958", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*", matchCriteriaId: "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3D079E05-C980-4257-9B39-D0750BF318D5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B3013254-B002-4F67-B6A0-747F9F82250E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "27283E3F-E88A-45ED-8BFA-C9C6A09EA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*", matchCriteriaId: 
"B99F940E-EF59-4150-B980-0C70DC5995DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9F5744C1-16A1-4617-B3D0-90305DD0C145", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B323C69A-C343-4FF3-BA70-2449A9083907", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA3817C-4DC0-4867-8DD9-7B912602C80E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AAD1B466-3E8D-4179-8AEE-07E51B04D396", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.4.4:rc4:*:*:*:*:*:*", matchCriteriaId: "CC730AD6-2B5B-47A2-881E-B543ABD77AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "0430A512-206A-4143-AC5F-C3E0AF19AD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "D29BF4F1-A79D-4AED-8D1A-59C58093F621", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "57E4D76A-A84C-49F5-BDED-F64BB4C49972", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*", matchCriteriaId: "3E64AEBF-988A-476E-9275-8B42C66F7101", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "D062707E-A0FC-4A89-A59B-D68EFAFA8683", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "9979189E-737C-48F1-BBB3-2E878EC4D4D7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without 
incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.", }, { lang: "es", value: "El método CTransaction::FetchInputs en bitcoind y Bitcoin-Qt anterior a v0.8.0rc1 copia transacciones del disco a la memoria sin comprobar de forma incremental \"spent prevouts\", lo que permite a atacantes remotos provocar una denegación de servicio (consumo de disco I/O) a través de una transacción de Bitcoin con muchas entradas correspondientes a diferentes partes de la cadena de bloque almacenado (block chain).", }, ], id: "CVE-2013-2293", lastModified: "2024-11-21T01:51:24.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-12T11:28:18.390", references: [ { source: "cve@mitre.org", url: "https://bitcointalk.org/?topic=144122", }, { source: "cve@mitre.org", url: "https://en.bitcoin.it/wiki/CVE-2013-2293", }, { source: "cve@mitre.org", url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/?topic=144122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/CVE-2013-2293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2024-11-21 01:55
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | 0.8.0 | |
bitcoin | bitcoin_core | 0.8.0 | |
bitcoin | bitcoin_core | 0.8.1 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:*:*:*:*:*:*:*", matchCriteriaId: "F1FB8897-6ABE-48D4-A917-571342DF93FB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:rc1:*:*:*:*:*:*", matchCriteriaId: "DA424B29-2C7E-49FB-AA7B-F27F0489EB63", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "53B8A243-3A29-4E36-9974-6C19D944E9ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.", }, { lang: "es", value: "Vulnerabilidad sin especificar en bitcoind y Bitcoin-Qt 0.8.x, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante una gran cantidad de mensajes con datos tx.", }, ], id: "CVE-2013-4627", lastModified: "2024-11-21T01:55:57.720", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-02T12:10:40.493", references: [ { source: "cve@mitre.org", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], 
source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:32
Summary
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | 0.4.0 | |
bitcoin | bitcoin_core | 0.4.1 | |
bitcoin | bitcoin_core | 0.5.0 | |
bitcoin | wxbitcoin | 0.4.0 | |
bitcoin | wxbitcoin | 0.4.1 | |
bitcoin | wxbitcoin | 0.5.0 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "82B766B4-C3FD-42D8-9F7D-767B9C0C20F4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "87FCC078-AAF9-4FB4-B46E-EEE5D8488B81", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "C6A8CB89-F0A1-4E97-A053-CACC378BD8C2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The \"encrypt wallet\" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.", }, { lang: "es", value: "La característica \"encrypt wallet\" en wxBitcoin y en bitcoind v0.4.x y anteriores a v0.4.1, y v0.5.0rc no interactúa adecuadamente con la funcionalidad de eliminación de BSDDB, lo cual permite a atacantes dependiendo del contexto obtener claves privadas no encriptadas desde un fichero de monedero Bitcoin mediante el puenteo de la interfaz de BSDDB y a través de la lectura de entradas que han sido marcadas para su borrado.", }, ], id: "CVE-2011-4447", lastModified: "2024-11-21T01:32:22.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: 
"NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:01.227", references: [ { source: "cve@mitre.org", url: "http://bitcoin.org/releases/2011/11/21/v0.5.0.html", }, { source: "cve@mitre.org", url: "https://bitcointalk.org/index.php?topic=51474.0", }, { source: "cve@mitre.org", url: "https://bitcointalk.org/index.php?topic=51604.0", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bitcoin.org/releases/2011/11/21/v0.5.0.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/index.php?topic=51474.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/index.php?topic=51604.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-05 17:15
Modified
2024-11-21 04:29
Summary
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 | Not Applicable | |
cve@mitre.org | https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b | Third Party Advisory | |
cve@mitre.org | https://github.com/bitcoin/bitcoin/issues/16824 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/issues/16824 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202009-18 | Third Party Advisory | |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | 0.18.0 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.18.0:*:*:*:*:*:*:*", matchCriteriaId: "A0FD6643-BDF8-4B9E-B3FF-27C69C6EA20A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep \"6231 0500\" command.", }, { lang: "es", value: "En Bitcoin Core versión 0.18.0, bitcoin-qt almacena los datos de wallet.dat sin cifrar en la memoria. Ante un bloqueo, puede volcar un archivo core. Si un usuario gestiona de manera incorrecta un archivo core, un atacante puede reconstruir el archivo wallet.dat del usuario, incluidas sus claves privadas, mediante un comando grep \"6231 0500\".", }, ], id: "CVE-2019-15947", lastModified: "2024-11-21T04:29:47.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, 
published: "2019-09-05T17:15:12.187", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/issues/16824", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202009-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/oxagast/50a121b2df32186e0c48411859d5861b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/issues/16824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202009-18", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-02 12:10
Modified
2024-11-21 01:53
Summary
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:*:rc1:*:*:*:*:*:*", matchCriteriaId: "46FD5DD3-6418-4437-95E0-9B0069257421", versionEndIncluding: "0.4.9", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*", matchCriteriaId: "107C630C-68AD-478B-9206-403CCEAE9B90", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4.8:rc4:*:*:*:*:*:*", matchCriteriaId: "F567F467-E340-4BBA-9D42-DC3445EE09DC", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "27CD6BDE-3732-4863-B855-A0FD022DD62F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20635DAC-54CF-48C4-979A-7E909A985093", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "0264EBF9-C104-49C5-9F43-E0CCC73154B7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2233FD0-6F87-4B8B-BDC9-C633F428BA62", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "80FA08FC-3D57-467B-838B-FDF1E67BF609", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.8:rc1:*:*:*:*:*:*", matchCriteriaId: "8D8F8107-6BB7-4C66-A0EC-58AAF841BE8E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "1DB1A621-F271-4120-A642-CAC3D09232AD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "8D758886-F560-4FF6-88DA-C5EEBAACA20F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F473942D-1B5B-4348-9896-9828976A3C00", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "A56DE917-D389-4D60-8586-D4F1DEB9012A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "32A19BEA-853D-4727-B456-FCBAFF36CDD7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.3:rc1:*:*:*:*:*:*", matchCriteriaId: "E741E2B4-6CEE-4C5A-9950-CA8F5A6610DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "03E74F91-82C2-435C-BB20-3FF25E431B4B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C", vulnerable: true, 
}, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4FEB8A5B-52A4-4D67-8472-46399998C4E0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*", matchCriteriaId: "148CF2B0-2C70-47B9-9547-382AE458DCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "08AF597D-8BBD-44FE-B0C9-8B03B0350F74", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A4381211-305A-4FAD-BD0F-56513F153958", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*", matchCriteriaId: "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3D079E05-C980-4257-9B39-D0750BF318D5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B3013254-B002-4F67-B6A0-747F9F82250E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: 
"6312FFC8-EF3F-4B74-8000-080C3FBA1AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "27283E3F-E88A-45ED-8BFA-C9C6A09EA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B99F940E-EF59-4150-B980-0C70DC5995DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9F5744C1-16A1-4617-B3D0-90305DD0C145", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B323C69A-C343-4FF3-BA70-2449A9083907", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA3817C-4DC0-4867-8DD9-7B912602C80E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AAD1B466-3E8D-4179-8AEE-07E51B04D396", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:*:rc1:*:*:*:*:*:*", matchCriteriaId: "EF7AA2D5-4829-4295-8C77-C772665C77E9", versionEndIncluding: "0.4.9", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.4.4:rc4:*:*:*:*:*:*", matchCriteriaId: "CC730AD6-2B5B-47A2-881E-B543ABD77AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "0430A512-206A-4143-AC5F-C3E0AF19AD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.5.8:rc1:*:*:*:*:*:*", matchCriteriaId: "79ECD758-D902-4AD0-8752-AF7F1EDD0F02", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "D29BF4F1-A79D-4AED-8D1A-59C58093F621", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "57E4D76A-A84C-49F5-BDED-F64BB4C49972", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*", matchCriteriaId: "3E64AEBF-988A-476E-9275-8B42C66F7101", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.5:rc1:*:*:*:*:*:*", matchCriteriaId: "F43E2D53-0126-44D2-A294-3F40E54493CF", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "D062707E-A0FC-4A89-A59B-D68EFAFA8683", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "9979189E-737C-48F1-BBB3-2E878EC4D4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.3:rc1:*:*:*:*:*:*", matchCriteriaId: "B586D352-78D7-43D3-91A9-3803E69CA63F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:qitcoin-qt:0.6.4:rc4:*:*:*:*:*:*", matchCriteriaId: "9BC7C187-CD39-4792-AFC6-41E270C0D228", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:qitcoin-qt:0.6.5:rc1:*:*:*:*:*:*", matchCriteriaId: "51F6C875-C053-4E86-81D4-630135E8BACA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.", }, { lang: "es", value: "bitcoind y Bitcoin-Qt anterior a 0.4.9rc2, 0.5.x anterior a 0.5.8rc2, 0.6.x anterior a 0.6.5rc2, y 0.7.x anterior a 0.7.3rc2, y wxBitcoin, no consideran adecuadamente si un tamaño de bloque podría 
necesitar un número elevado de cierres en las base de datos, lo que permite a atacantes remotos provocar una denegación de servicio (división) y activar capacidades de \"double-spending\" a través de un gran bloque que provoca un cierre incorrecto de Berkeley DB.", }, ], id: "CVE-2013-3220", lastModified: "2024-11-21T01:53:12.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-02T12:10:40.467", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/BIP_0050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 06:21
Severity ?
Summary
bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://github.com/bitcoin/bitcoin/issues/20866 | Exploit, Issue Tracking, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bitcoin/bitcoin/issues/20866 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "1F64E80F-21E7-4CCB-B18C-439B8864BAE5", versionEndIncluding: "0.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions", }, { lang: "es", value: "** EN DISPUTA ** bitcoind en Bitcoin Core versiones hasta 0.21.0, puede crear un nuevo archivo en un directorio arbitrario (por ejemplo, fuera del directorio ~/.bitcoin) por medio de una llamada RPC dumpwallet NOTA: según se informa, esto no viola el modelo de seguridad de Bitcoin Core, pero puede violar el modelo de seguridad de un fork que haya implementado restricciones de dumpwallet", }, ], id: "CVE-2021-3195", lastModified: "2024-11-21T06:21:07.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-26T18:16:28.427", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/issues/20866", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/bitcoin/bitcoin/issues/20866", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:38
Severity ?
Summary
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
bitcoin | bitcoin_core | * |
bitcoin | bitcoin_core | 0.3.4 |
bitcoin | bitcoin_core | 0.3.5 |
bitcoin | bitcoin_core | 0.3.8 |
bitcoin | bitcoin_core | 0.3.10 |
bitcoin | bitcoin_core | 0.3.11 |
bitcoin | bitcoin_core | 0.3.12 |
bitcoin | bitcoin_core | 0.4.0 |
bitcoin | bitcoin_core | 0.4.1 |
bitcoin | bitcoin_core | 0.4.1 |
bitcoin | wxbitcoin | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:rc2:*:*:*:*:*:*", matchCriteriaId: "85185B12-FD03-43E7-85D0-3BF8299A3340", versionEndIncluding: "0.4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*", matchCriteriaId: "68AA5321-2756-4741-9437-6D8904A677E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not 
properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction.", }, { lang: "es", value: "El protocolo Bitcoin, como se usa en bitcoind anterior a v0.4.4, wxBitcoin, Bitcoin Qt, y otros programas, no maneja adecuadamente las transacciones múltiples con el mismo identificador, lo que permite a atacantes remotos provocar una denegación de servicio (transacción unspendable) mediante el aprovechamiento de la capacidad de crear una transacción coinbase duplicado.", }, ], id: "CVE-2012-1909", lastModified: "2024-11-21T01:38:01.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:01.400", references: [ { source: "cve@mitre.org", url: "http://r6.ca/blog/20120206T005236Z.html", }, { source: "cve@mitre.org", url: "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development", }, { source: "cve@mitre.org", url: "https://bitcointalk.org/index.php?topic=67738.0", }, { source: "cve@mitre.org", url: "https://bugs.gentoo.org/show_bug.cgi?id=407793", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/BIP_0030", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: 
"https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://r6.ca/blog/20120206T005236Z.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/mailarchive/forum.php?thread_name=CAPg%2BsBhmGHnMResVxPDZdfpmWTb9uqD0RrQD7oSXBQq7oHpm8g%40mail.gmail.com&forum_name=bitcoin-development", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/index.php?topic=67738.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.gentoo.org/show_bug.cgi?id=407793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/BIP_0030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-16", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-14 23:55
Modified
2024-11-21 01:43
Severity ?
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683.", }, { lang: "es", value: "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt permite a atacantes causar una denegación de servicio a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2012-4683.", }, ], id: "CVE-2012-4682", lastModified: "2024-11-21T01:43:20.787", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-09-14T23:55:15.137", references: [ { source: "cve@mitre.org", url: "http://www.osvdb.org/85353", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/85353", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 21:15
Modified
2024-11-21 04:01
Severity ?
Summary
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586 | Exploit, Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586 | Exploit, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc1:*:*:*:*:*:*", matchCriteriaId: "14CC1402-251D-441D-921F-E6D0933831D3", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc2:*:*:*:*:*:*", matchCriteriaId: "07B7FF50-0406-4648-B873-2F30D711889E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc3:*:*:*:*:*:*", matchCriteriaId: "4E04A666-9C60-4835-A97A-4354FDDB3A19", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc4:*:*:*:*:*:*", matchCriteriaId: "D0742D09-FAFF-4F84-87A8-372ABEE07B9E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.0:rc5:*:*:*:*:*:*", matchCriteriaId: "D920FDBD-18C5-4252-95C8-18342739F00E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.1:-:*:*:*:*:*:*", matchCriteriaId: "C1E3D81A-E732-4580-BD06-484BBB78F460", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.1:rc1:*:*:*:*:*:*", matchCriteriaId: "85F32470-AEE3-498E-99D1-AFCB88813D24", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.12.1:rc2:*:*:*:*:*:*", matchCriteriaId: "C3179A1E-0730-4120-BF67-8F1BA2F84DE3", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13:*:*:*:*:*:*:*", matchCriteriaId: "5E2A6D5F-6633-4A00-A0A0-FA75EF85F995", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:-:*:*:*:*:*:*", matchCriteriaId: "4EB034E6-2DEF-475B-A988-342CBE5E3C48", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:rc1:*:*:*:*:*:*", matchCriteriaId: "FC725933-01E7-457C-ADA8-B61CB9D8B5B4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:rc2:*:*:*:*:*:*", matchCriteriaId: "1C085D41-3632-4285-B951-6BB64625023D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.0:rc3:*:*:*:*:*:*", matchCriteriaId: "25743E75-EE87-4DFD-8DF5-A367602F2640", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:-:*:*:*:*:*:*", matchCriteriaId: "AD791670-C4F8-486E-A891-E49BAC240F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:rc1:*:*:*:*:*:*", matchCriteriaId: "F32CC982-950A-4EE7-AECC-972FBFB71606", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:rc2:*:*:*:*:*:*", matchCriteriaId: "C30AEEE6-BB5A-4B85-90E8-7D9E3C71A9AA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.1:rc3:*:*:*:*:*:*", matchCriteriaId: "16F7423D-02CD-4734-A598-784F448DFD76", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.2:-:*:*:*:*:*:*", matchCriteriaId: "1834BD1D-59B2-471C-84C1-588A276B4087", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.13.2:rc1:*:*:*:*:*:*", matchCriteriaId: "D8B8D112-ADF2-4441-9C3B-0E8188F51540", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:-:*:*:*:*:*:*", matchCriteriaId: "120F19E5-E58D-4E40-8BA4-B0A6465FDC0E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:rc1:*:*:*:*:*:*", matchCriteriaId: "A4E12E54-BB09-472B-93A6-12A77AF854AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:rc2:*:*:*:*:*:*", matchCriteriaId: "4775D0C9-AB2E-459B-925F-B1832E2F142C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.0:rc3:*:*:*:*:*:*", matchCriteriaId: "E5E1FAB0-FAB8-484C-B9F6-D85775DF2908", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.1:-:*:*:*:*:*:*", matchCriteriaId: "8E03BEFD-5E87-4704-9E42-6A6A3D56078E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.1:rc1:*:*:*:*:*:*", matchCriteriaId: "1790406B-3447-46A1-8E71-32BB31A6BA79", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.1:rc2:*:*:*:*:*:*", matchCriteriaId: "2D8AE957-086A-4AE1-8C90-2263A5ADF175", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.2:-:*:*:*:*:*:*", matchCriteriaId: 
"7CC69D1A-A88C-4D7C-9583-705E6BD09309", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.2:rc1:*:*:*:*:*:*", matchCriteriaId: "7D126937-7A31-4E1D-9CD7-5A2FB4FBCA99", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.2:rc2:*:*:*:*:*:*", matchCriteriaId: "A5297725-6D47-4C73-BFA1-7332609CC90A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.14.3:*:*:*:*:*:*:*", matchCriteriaId: "2AA05B76-AC3F-492E-8CF1-18F20ABF05BC", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:-:*:*:*:*:*:*", matchCriteriaId: "1559EDBE-5654-48A2-8DB2-DAE50AAC7D1A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:rc1:*:*:*:*:*:*", matchCriteriaId: "5E4632E3-0D58-42EC-931C-4B8477694489", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:rc2:*:*:*:*:*:*", matchCriteriaId: "B199B1BC-6AA5-441A-A8D8-64B98CC6D52E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0:rc3:*:*:*:*:*:*", matchCriteriaId: "952CE418-B490-487D-9893-0A3F4C30B992", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7AAFA18E-4DC6-4FCD-8459-C9E8D5177685", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.1:-:*:*:*:*:*:*", matchCriteriaId: "A727FB31-FD4F-4AA0-821B-8D1B4B653D14", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.1:rc1:*:*:*:*:*:*", matchCriteriaId: "0962E3AF-CD06-4DDF-B64E-F537F4646D87", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.15.2:*:*:*:*:*:*:*", matchCriteriaId: "5DCF8D36-67BB-4C75-9EC5-688FED31085E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:-:*:*:*:*:*:*", matchCriteriaId: "E8516496-5BEF-4698-8D32-6C1C7AD0734C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc1:*:*:*:*:*:*", matchCriteriaId: "0F20180A-B4E5-47EB-816D-50B1E1D85B44", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc2:*:*:*:*:*:*", matchCriteriaId: "15341D0B-9B8C-4DB5-90A2-F4CD938E9FC0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc3:*:*:*:*:*:*", matchCriteriaId: "EBE19710-731E-48BE-B4E3-77F851D670E4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.0:rc4:*:*:*:*:*:*", matchCriteriaId: "DA04CEED-B65D-4369-A03C-8AFBEDDBE4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.1:-:*:*:*:*:*:*", matchCriteriaId: "1FCF76F3-2051-42BC-B742-6C631EBA1B84", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.1:rc1:*:*:*:*:*:*", matchCriteriaId: "E760CF3A-4ABE-48C0-9219-699A3A524B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.1:rc2:*:*:*:*:*:*", matchCriteriaId: "35A3299D-4AEC-4435-AC20-AB3ECB76E490", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.2:-:*:*:*:*:*:*", matchCriteriaId: "6FCFB843-B726-4FF4-ADC5-E78D16D8579E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.2:rc1:*:*:*:*:*:*", matchCriteriaId: "BC88FE65-B525-46D2-A4F4-02F5906744D2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.2:rc2:*:*:*:*:*:*", matchCriteriaId: "170B7847-9A1A-42E2-9376-BCC4D6CE7279", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.16.3:*:*:*:*:*:*:*", matchCriteriaId: "EA98291E-418D-4184-887D-2BD3F4723503", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.17.0:-:*:*:*:*:*:*", matchCriteriaId: "0C9CB378-9964-46BC-A6B2-3678C29DA37A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.", }, { lang: "es", value: "bitcoind y Bitcoin-Qt versiones anteriores a 0.17.1, permiten una inyección de datos arbitrarios en el registro de depuración por medio de una llamada RPC.", }, ], id: 
"CVE-2018-20586", lastModified: "2024-11-21T04:01:47.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T21:15:12.623", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:22
Severity ?
Summary
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | 0.3.4 |
bitcoin | bitcoin_core | 0.3.5 |
bitcoin | wxbitcoin | 0.3.4 |
bitcoin | wxbitcoin | 0.3.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "112B0DB9-99BC-42A7-9991-92E73462701E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "75F6B20E-2957-4CCE-B9A4-692A4342BC67", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.", }, { lang: "es", value: "wxBitcoin y bitcoind v0.3.x permite a atacantes remotos causar una denegación de servicio (consumo de electricidad) a través de una transacción Bitcoin que contiene múltiples códigos de operación OP_CHECKSIG.", }, ], id: "CVE-2010-5138", lastModified: "2024-11-21T01:22:32.913", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:01.023", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2024-11-21 01:43
Severity ?
Summary
The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "8D758886-F560-4FF6-88DA-C5EEBAACA20F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "03E74F91-82C2-435C-BB20-3FF25E431B4B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", 
matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4FEB8A5B-52A4-4D67-8472-46399998C4E0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*", matchCriteriaId: "148CF2B0-2C70-47B9-9547-382AE458DCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "08AF597D-8BBD-44FE-B0C9-8B03B0350F74", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A4381211-305A-4FAD-BD0F-56513F153958", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*", matchCriteriaId: "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3D079E05-C980-4257-9B39-D0750BF318D5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B3013254-B002-4F67-B6A0-747F9F82250E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "27283E3F-E88A-45ED-8BFA-C9C6A09EA642", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B99F940E-EF59-4150-B980-0C70DC5995DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9F5744C1-16A1-4617-B3D0-90305DD0C145", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B323C69A-C343-4FF3-BA70-2449A9083907", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA3817C-4DC0-4867-8DD9-7B912602C80E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AAD1B466-3E8D-4179-8AEE-07E51B04D396", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "57E4D76A-A84C-49F5-BDED-F64BB4C49972", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "112B0DB9-99BC-42A7-9991-92E73462701E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "75F6B20E-2957-4CCE-B9A4-692A4342BC67", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "DC9C5F2E-EFD7-4F92-BD58-91F9AFB0B15E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "5665049D-5326-496F-82B9-FD65808F934B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "1DDD2B05-34F6-4C5F-9443-FE67F9B86113", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "82B766B4-C3FD-42D8-9F7D-767B9C0C20F4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B7403B4E-912F-40F0-978C-C7D59AC92CDD", vulnerable: true, }, { 
criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "87FCC078-AAF9-4FB4-B46E-EEE5D8488B81", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "C6A8CB89-F0A1-4E97-A053-CACC378BD8C2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.", }, { lang: "es", value: "La funcionalidad Alert en bitcoind y Bitcoin-Qt anterior a v0.7.0 soporta diferentes representaciones de caractéres de la misma firma de datos, pero depende del hash de esta firma, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) a través de una firma válida modificada para una alerta circulante.", }, ], id: "CVE-2012-4684", lastModified: "2024-11-21T01:43:21.067", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-12T11:28:18.313", references: [ { source: "cve@mitre.org", url: "https://bitcointalk.org/index.php?topic=148109.0", }, { source: "cve@mitre.org", url: "https://bitcointalk.org/index.php?topic=8392.0", }, { source: "cve@mitre.org", url: "https://en.bitcoin.it/wiki/CVE-2012-4684", }, { source: "cve@mitre.org", 
url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/index.php?topic=148109.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/index.php?topic=8392.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/CVE-2012-4684", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:41
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | 0.4.0 |
bitcoin | bitcoin_core | 0.4.1 |
bitcoin | bitcoin_core | 0.4.1 |
bitcoin | bitcoin_core | 0.4.2 |
bitcoin | bitcoin_core | 0.4.3 |
bitcoin | bitcoin_core | 0.4.4 |
bitcoin | bitcoin_core | 0.4.4 |
bitcoin | bitcoin_core | 0.4.5 |
bitcoin | bitcoin_core | 0.4.6 |
bitcoin | bitcoin_core | 0.4.7 |
bitcoin | bitcoin_core | * |
bitcoin | bitcoin_core | 0.5.0 |
bitcoin | bitcoin_core | 0.5.1 |
bitcoin | bitcoin_core | 0.5.3 |
bitcoin | bitcoin_core | 0.5.3.1 |
bitcoin | bitcoin_core | 0.5.4 |
bitcoin | bitcoin_core | 0.5.5 |
bitcoin | bitcoin_core | 0.5.6 |
bitcoin | bitcoin_core | 0.6.0.1 |
bitcoin | bitcoin_core | 0.6.0.2 |
bitcoin | bitcoin_core | 0.6.0.3 |
bitcoin | bitcoin_core | 0.6.0.4 |
bitcoin | bitcoin_core | 0.6.0.5 |
bitcoin | bitcoin_core | 0.6.0.6 |
bitcoin | bitcoin_core | 0.6.0.7 |
bitcoin | bitcoin_core | 0.6.0.8 |
bitcoin | bitcoin_core | 0.6.0 |
bitcoin | bitcoin_core | 0.6.0 |
bitcoin | bitcoin_core | 0.6.1 |
bitcoin | bitcoin_core | 0.6.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "03E74F91-82C2-435C-BB20-3FF25E431B4B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4FEB8A5B-52A4-4D67-8472-46399998C4E0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*", matchCriteriaId: "148CF2B0-2C70-47B9-9547-382AE458DCFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:rc2:*:*:*:*:*:*", matchCriteriaId: "EC931DAC-BDB5-4F55-BFF3-519F9B6C63FF", versionEndIncluding: "0.5.6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8B4715C1-22BF-495B-BA99-B4D7D64B5BD0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "08AF597D-8BBD-44FE-B0C9-8B03B0350F74", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A4381211-305A-4FAD-BD0F-56513F153958", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*", matchCriteriaId: "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3D079E05-C980-4257-9B39-D0750BF318D5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B3013254-B002-4F67-B6A0-747F9F82250E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "27283E3F-E88A-45ED-8BFA-C9C6A09EA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B99F940E-EF59-4150-B980-0C70DC5995DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9F5744C1-16A1-4617-B3D0-90305DD0C145", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B323C69A-C343-4FF3-BA70-2449A9083907", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc1:*:*:*:*:*:*", matchCriteriaId: "A292912B-A5F1-4F90-81E6-0A3CA69166D3", vulnerable: false, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0:rc3:*:*:*:*:*:*", matchCriteriaId: "7F27334D-1CD6-4002-A5E4-9DA9F21E6FF1", vulnerable: false, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA3817C-4DC0-4867-8DD9-7B912602C80E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AAD1B466-3E8D-4179-8AEE-07E51B04D396", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.", }, { lang: "es", value: "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt anterior a v0.4.7rc3, v0.5.x anterior a v0.5.6rc3, v0.6.0.x anterior a v0.6.0.9rc1, y v0.6.x anterior a v0.6.3rc1 permite a atacantes remotos causar una denegación de servicio (proceso de bloqueo) a través de un comportamiento desconocido en una red Bitcoin.", }, ], id: "CVE-2012-3789", lastModified: "2024-11-21T01:41:37.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:05.993", references: [ { source: 
"cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-07 00:15
Modified
2024-11-21 08:11
Summary
Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://bitcoin.org/en/bitcoin-core/ | Product |
cve@mitre.org | https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html | Exploit, Third Party Advisory |
cve@mitre.org | https://www.youtube.com/watch?v=oEl4M1oZim0 | Exploit, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://bitcoin.org/en/bitcoin-core/ | Product |
af854a3a-2127-422b-91ae-364da2661108 | https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html | Exploit, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=oEl4M1oZim0 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | 22.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:22.0:*:*:*:*:*:*:*", matchCriteriaId: "48C9311E-0E15-4879-81C2-38F2A2338F53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.", }, { lang: "es", value: "Los problemas de gestión de memoria y protección en Bitcoin Core v22 permiten a los atacantes modificar la dirección de envío almacenada en la memoria de la aplicación, lo que potencialmente les permite redirigir las transacciones de Bitcoin a los monederos de su elección. ", }, ], id: "CVE-2023-37192", lastModified: "2024-11-21T08:11:09.863", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-07T00:15:10.297", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://bitcoin.org/en/bitcoin-core/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.youtube.com/watch?v=oEl4M1oZim0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://bitcoin.org/en/bitcoin-core/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third 
Party Advisory", ], url: "https://satoshihunter1.blogspot.com/2023/06/the-bitcoin-app-is-vulnerable-to-hackers.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.youtube.com/watch?v=oEl4M1oZim0", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-311", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:22
Summary
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
bitcoin | bitcoin_core | 0.3.4 |
bitcoin | bitcoin_core | 0.3.5 |
bitcoin | bitcoin_core | 0.3.8 |
bitcoin | wxbitcoin | * |
bitcoin | wxbitcoin | 0.3.4 |
bitcoin | wxbitcoin | 0.3.5 |
bitcoin | wxbitcoin | 0.3.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "A7E1D315-94D2-4FFB-A494-0E19760F11A5", versionEndIncluding: "0.3.10", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*", matchCriteriaId: "CFEB411E-F3C9-4F2D-9166-237A1D542089", versionEndIncluding: "0.3.10", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "112B0DB9-99BC-42A7-9991-92E73462701E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "75F6B20E-2957-4CCE-B9A4-692A4342BC67", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "DC9C5F2E-EFD7-4F92-BD58-91F9AFB0B15E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.", }, { lang: "es", value: "Desbordamiento de entero en wxBitcoin y bitcoind anteriores a v0.3.11 que permite a atacantes remotos eludir las restricciones económicas impuestas y crear un gran número de Bitcoins a través de una transacción Bitcoin modificada.", }, ], id: "CVE-2010-5139", lastModified: "2024-11-21T01:22:33.067", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: 
"NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:01.070", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://bitcointalk.org/index.php?topic=822.0", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bitcointalk.org/index.php?topic=822.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:22
Summary
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://en.bitcoin.it/wiki/CVEs | Vendor Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
bitcoin | wxbitcoin | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "55AA4A6A-8435-4AB6-B0ED-67FBE5BD8DFE", versionEndIncluding: "0.3.4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*", matchCriteriaId: "5EC0E465-8C7C-40F9-BFB9-77BA8B36D479", versionEndIncluding: "0.3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.", }, { lang: "es", value: "wxBitcoin y bitcoind anteriores a v0.3.5 no manejan correctamente los códigos de operación de secuencias de comandos en las transacciones Bitcoin, que permite a atacantes remotos gastar dinero Bitcoin que pertenece a otros usuarios a través de vectores no especificados.", }, ], id: "CVE-2010-5141", lastModified: "2024-11-21T01:22:33.393", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:01.180", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-05 22:29
Modified
2024-11-21 02:44
Summary
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
bitcoin | bitcoin-qt | * |
bitcoin | bitcoind | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "C55186E2-552A-4CFB-9E1D-016E62AD44FB", versionEndExcluding: "0.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:*:*:*:*:*:*:*:*", matchCriteriaId: "7B37C74F-E3A1-4FE4-8731-263D83D404DE", versionEndExcluding: "0.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:*:*:*:*:*:*:*:*", matchCriteriaId: "CD637BBB-45AB-4DC3-A048-DCBD894CE390", versionEndExcluding: "0.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.", }, { lang: "es", value: "En Bitcoin Core en versiones anteriores a la v0.13.0, una alerta no final puede bloquear la \"alerta final\" especial (que se supone que debe anteponerse a todas las otras alertas) debido a que las operaciones ocurren en el orden incorrecto. Este comportamiento ocurren en el sistema de alertas de red remoto (obsoleto desde el primer trimestre de 2016). 
Esto afecta a otros usos del código base, como Bitcoin Knots en versiones anteriores a la v0.13.0.knots20160814 y otros altcoins.", }, ], id: "CVE-2016-10725", lastModified: "2024-11-21T02:44:36.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-05T22:29:00.327", references: [ { source: "cve@mitre.org", url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "cve@mitre.org", url: "https://github.com/JinBean/CVE-Extension", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/JinBean/CVE-Extension", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-16 20:15
Modified
2024-11-21 03:10
Summary
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bitcoin | bitcoin_core | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "1FF2E80C-6192-4654-A3A6-2177A57E1D45", versionEndExcluding: "0.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.", }, { lang: "es", value: "Bitcoin Core versiones anteriores a 0.14, permite a un atacante crear una prueba SPV ostensiblemente válida para un pago a una víctima que utiliza una billetera SPV, incluso si ese pago no es realizado realmente. Completar el ataque costaría más de un millón de dólares, y es relevante principalmente solo en situaciones donde un sistema autónomo se basa únicamente en una prueba SPV para transacciones de un monto mayor en dólares.", }, ], id: "CVE-2017-12842", lastModified: "2024-11-21T03:10:17.223", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T20:15:12.423", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-12 11:28
Modified
2024-11-21 01:51
Summary
bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4:rc4:*:*:*:*:*:*", matchCriteriaId: "107C630C-68AD-478B-9206-403CCEAE9B90", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.4.8:rc4:*:*:*:*:*:*", matchCriteriaId: "F567F467-E340-4BBA-9D42-DC3445EE09DC", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "27CD6BDE-3732-4863-B855-A0FD022DD62F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20635DAC-54CF-48C4-979A-7E909A985093", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "0264EBF9-C104-49C5-9F43-E0CCC73154B7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2233FD0-6F87-4B8B-BDC9-C633F428BA62", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "80FA08FC-3D57-467B-838B-FDF1E67BF609", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "1DB1A621-F271-4120-A642-CAC3D09232AD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "8D758886-F560-4FF6-88DA-C5EEBAACA20F", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F473942D-1B5B-4348-9896-9828976A3C00", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "A56DE917-D389-4D60-8586-D4F1DEB9012A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "32A19BEA-853D-4727-B456-FCBAFF36CDD7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "D009847B-E8E7-4472-8260-4A334438C587", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: 
"1C3EBE93-A104-407F-A615-E64F65777CC4", versionEndIncluding: "0.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "03E74F91-82C2-435C-BB20-3FF25E431B4B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "4596F85F-66DA-46DB-BF7B-BB1C01E0B67C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: 
"cpe:2.3:a:bitcoin:bitcoin_core:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "4FEB8A5B-52A4-4D67-8472-46399998C4E0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "AACA3639-4F17-4E4E-BBFF-23D6252DDB8C", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.7:rc2:*:*:*:*:*:*", matchCriteriaId: "148CF2B0-2C70-47B9-9547-382AE458DCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "08AF597D-8BBD-44FE-B0C9-8B03B0350F74", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "EBEC9080-8DE2-4E55-AC46-AE9D42AC174D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EAA8B1F0-BC5C-4358-9A0A-3753E8566BF2", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "A4381211-305A-4FAD-BD0F-56513F153958", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.6:rc2:*:*:*:*:*:*", matchCriteriaId: "0AA1D165-3E63-4B9F-AC17-CCDD2BEF5E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3D079E05-C980-4257-9B39-D0750BF318D5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B3013254-B002-4F67-B6A0-747F9F82250E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6312FFC8-EF3F-4B74-8000-080C3FBA1AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "27283E3F-E88A-45ED-8BFA-C9C6A09EA642", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.5:*:*:*:*:*:*:*", matchCriteriaId: "73BE7AA5-D1A4-4F2E-9D97-9649E6F42B3E", 
vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B99F940E-EF59-4150-B980-0C70DC5995DE", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.7:*:*:*:*:*:*:*", matchCriteriaId: "9F5744C1-16A1-4617-B3D0-90305DD0C145", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B323C69A-C343-4FF3-BA70-2449A9083907", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA3817C-4DC0-4867-8DD9-7B912602C80E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AAD1B466-3E8D-4179-8AEE-07E51B04D396", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.4.4:rc4:*:*:*:*:*:*", matchCriteriaId: "CC730AD6-2B5B-47A2-881E-B543ABD77AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.5.7:*:*:*:*:*:*:*", matchCriteriaId: "0430A512-206A-4143-AC5F-C3E0AF19AD6D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6F0E0AB1-DE49-46EA-AF18-FA9D053E2DBA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.0.10:rc4:*:*:*:*:*:*", matchCriteriaId: "D29BF4F1-A79D-4AED-8D1A-59C58093F621", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "57E4D76A-A84C-49F5-BDED-F64BB4C49972", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.6.4:rc4:*:*:*:*:*:*", matchCriteriaId: "3E64AEBF-988A-476E-9275-8B42C66F7101", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "D062707E-A0FC-4A89-A59B-D68EFAFA8683", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "9979189E-737C-48F1-BBB3-2E878EC4D4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "416E87CB-03CC-4C72-9A41-CEE09A8A4FAD", 
vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.", }, { lang: "es", value: "Bitcoind y Bitcoin-Qt v0.8.0 y anteriores permiten a atacantes remotos provocar una denegación de servicio por minar un bloque para crear una transacción Bitcoin no estándar opcodes OP_CHECKSIG.", }, ], id: "CVE-2013-2292", lastModified: "2024-11-21T01:51:24.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-12T11:28:18.373", references: [ { source: "cve@mitre.org", url: "https://bitcointalk.org/?topic=140078", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/?topic=140078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-05 22:29
Modified
2024-11-21 02:44
Severity ?
Summary
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | * | |
bitcoin | bitcoin-qt | * | |
bitcoin | bitcoind | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "C55186E2-552A-4CFB-9E1D-016E62AD44FB", versionEndExcluding: "0.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:*:*:*:*:*:*:*:*", matchCriteriaId: "7B37C74F-E3A1-4FE4-8731-263D83D404DE", versionEndExcluding: "0.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoind:*:*:*:*:*:*:*:*", matchCriteriaId: "CD637BBB-45AB-4DC3-A048-DCBD894CE390", versionEndExcluding: "0.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.", }, { lang: "es", value: "Bitcoin Core en versiones anteriores a la v0.13.0 permite una denegación de servicio (DoS) desencadenada por el sistema de alertas de red remoto (obsoleto desde el primer trimestre de 2016) si un atacante puede firmar un mensaje con una clave privada determinada que sea conocida por actores no planeados debido a un mapa de tamaño infinito. 
Esto afecta a otros usos del código base, como Bitcoin Knots en versiones anteriores a la v0.13.0.knots20160814 y otros altcoins.", }, ], id: "CVE-2016-10724", lastModified: "2024-11-21T02:44:35.993", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-05T22:29:00.233", references: [ { source: "cve@mitre.org", url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "cve@mitre.org", url: "https://github.com/JinBean/CVE-Extension", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcoin.org/en/posts/alert-key-and-vulnerabilities-disclosure", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/JinBean/CVE-Extension", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-10 11:28
Modified
2024-11-21 01:57
Severity ?
Summary
The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin-qt | 0.8.2 | |
bitcoin | bitcoin-qt | 0.8.2 | rc1 |
bitcoin | bitcoin-qt | 0.8.2 | rc2 |
bitcoin | bitcoin-qt | 0.8.2 | rc3 |
bitcoin | bitcoin-qt | 0.8.3 | |
bitcoin | bitcoin_core | 0.8.0 | |
bitcoin | bitcoin_core | 0.8.0 | rc1 |
bitcoin | bitcoin_core | 0.8.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:*:*:*:*:*:*:*", matchCriteriaId: "3F7A15A8-462D-4B96-8914-FF6665A5EBA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:rc1:*:*:*:*:*:*", matchCriteriaId: "440CBFFD-CAF5-4133-910E-9AA04FC2D97D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:rc2:*:*:*:*:*:*", matchCriteriaId: "0EF2DF3D-A267-4923-A281-29A8AF4BED1D", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.2:rc3:*:*:*:*:*:*", matchCriteriaId: "E77F36FC-34E6-499D-9143-B7B56F75FA96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin-qt:0.8.3:*:*:*:*:*:*:*", matchCriteriaId: "535357F4-3B07-4C32-83B3-AD1E92FD788B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:*:*:*:*:*:*:*", matchCriteriaId: "F1FB8897-6ABE-48D4-A917-571342DF93FB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.0:rc1:*:*:*:*:*:*", matchCriteriaId: "DA424B29-2C7E-49FB-AA7B-F27F0489EB63", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "53B8A243-3A29-4E36-9974-6C19D944E9ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.", }, { lang: "es", value: "La implementación del Filtro Bloom en bitcoind y Bitcoin-Qt 0.8.x anteriores a 0.8.4rc1 permite a atacantes remotos causar una denegación de servicio (error de división entre 0 y caída del demonio) a través de una secuencia de mensajes manipulada.", }, ], id: "CVE-2013-5700", lastModified: "2024-11-21T01:57:57.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: 
"NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-10T11:28:41.127", references: [ { source: "cve@mitre.org", url: "https://bitcointalk.org/index.php?topic=287351", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/index.php?topic=287351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-22 05:15
Modified
2025-01-28 18:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "DD299C72-AD8C-479D-9606-2CE3FEA945FB", versionEndExcluding: "24.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.", }, ], id: "CVE-2023-33297", lastModified: "2025-01-28T18:15:32.103", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-22T05:15:09.460", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/bitcoin/bitcoin/issues/27586", }, { source: "cve@mitre.org", 
tags: [ "Issue Tracking", ], url: "https://github.com/bitcoin/bitcoin/issues/27623", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/bitcoin/bitcoin/pull/27610", }, { source: "cve@mitre.org", url: "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544", }, { source: "cve@mitre.org", url: "https://github.com/visualbasic6/drain", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/", }, { source: "cve@mitre.org", url: "https://x.com/123456/status/1711601593399828530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/bitcoin/bitcoin/issues/27586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/bitcoin/bitcoin/issues/27623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/bitcoin/bitcoin/pull/27610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/visualbasic6/drain", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://x.com/123456/status/1711601593399828530", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:39
Severity ?
Summary
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | * | |
bitcoin | bitcoin_core | 0.3.4 | |
bitcoin | bitcoin_core | 0.3.5 | |
bitcoin | bitcoin_core | 0.3.8 | |
bitcoin | bitcoin_core | 0.3.10 | |
bitcoin | bitcoin_core | 0.3.11 | |
bitcoin | bitcoin_core | 0.3.12 | |
bitcoin | bitcoin_core | 0.4.0 | |
bitcoin | bitcoin_core | 0.4.1 | |
bitcoin | bitcoin_core | 0.4.1 | rc6 |
bitcoin | bitcoin_core | 0.4.4 | |
bitcoin | bitcoin_core | 0.4.4 | rc2 |
bitcoin | bitcoin_core | 0.5.0 | rc |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "85E8828B-3A7D-46C8-B73E-40A7C20DFC50", versionEndIncluding: "0.4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.12:*:*:*:*:*:*:*", matchCriteriaId: "B7A0874D-2223-4577-A8E6-93455B9C1DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0C15FA7C-F87A-45F5-B6A3-5E2DA63AACB6", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F5F6B138-0ED9-4205-B544-66C4C60C3A68", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.1:rc6:*:*:*:*:*:*", matchCriteriaId: "8494FF99-5D8C-497A-90E7-3D87807F5997", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:*:*:*:*:*:*:*", matchCriteriaId: "63681DB5-2644-476C-86AD-D7DCD69AE1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.4.4:rc2:*:*:*:*:*:*", matchCriteriaId: "42BE2305-B58F-4D12-80B1-AF0BF29E15CA", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.5.0:rc:*:*:*:*:*:*", matchCriteriaId: "74398A03-74B4-4EC4-A15E-047367614EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], 
cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.", }, { lang: "es", value: "Vulnerabilidad no especificada en bitcoind y Bitcoin-Qt anterior a v0.4.6, v0.5.x anterior a v0.5.5, v0.6.0.7 0.6.0.x, y v0.6.x anterior a v0.6.2 permite a atacantes remotos causar una denegación de servicio (bloque de procesamiento de interrupción y el recuento de bloque incorrecta) a través de un comportamiento desconocido en una red Bitcoin.", }, ], id: "CVE-2012-2459", lastModified: "2024-11-21T01:39:08.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:03.307", references: [ { source: "cve@mitre.org", url: "https://bitcointalk.org/?topic=81749", }, { source: "cve@mitre.org", url: "https://bugs.gentoo.org/show_bug.cgi?id=415973", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bitcointalk.org/?topic=81749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.gentoo.org/show_bug.cgi?id=415973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: 
"Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-06 16:55
Modified
2024-11-21 01:22
Severity ?
Summary
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | * | |
bitcoin | bitcoin_core | 0.3.4 | |
bitcoin | bitcoin_core | 0.3.5 | |
bitcoin | bitcoin_core | 0.3.8 | |
bitcoin | bitcoin_core | 0.3.10 | |
bitcoin | bitcoin_core | 0.3.11 | |
bitcoin | wxbitcoin | * | |
bitcoin | wxbitcoin | 0.3.4 | |
bitcoin | wxbitcoin | 0.3.5 | |
bitcoin | wxbitcoin | 0.3.8 | |
bitcoin | wxbitcoin | 0.3.10 | |
bitcoin | wxbitcoin | 0.3.11 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "329ECA8A-7D87-4E10-8DED-83EB412D5E33", versionEndIncluding: "0.3.12", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "1CD19345-15B5-4B2F-B3B9-4D57CCBFFF96", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "F0499EA1-85AD-48EC-A8D0-CBEDB85429AB", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "61F25360-9436-41C9-82CB-39D7FF087C2A", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "83F460DD-E537-430D-A370-485E0A707560", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "BD9264DE-6336-4654-8E8A-A3725B845D23", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:*:*:*:*:*:*:*:*", matchCriteriaId: "157D51F6-2BDD-4C85-9325-F12A44426000", versionEndIncluding: "0.3.12", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "112B0DB9-99BC-42A7-9991-92E73462701E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.5:*:*:*:*:*:*:*", matchCriteriaId: "75F6B20E-2957-4CCE-B9A4-692A4342BC67", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "DC9C5F2E-EFD7-4F92-BD58-91F9AFB0B15E", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.10:*:*:*:*:*:*:*", matchCriteriaId: "5665049D-5326-496F-82B9-FD65808F934B", vulnerable: true, }, { criteria: "cpe:2.3:a:bitcoin:wxbitcoin:0.3.11:*:*:*:*:*:*:*", matchCriteriaId: "1DDD2B05-34F6-4C5F-9443-FE67F9B86113", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with 
Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.", }, { lang: "es", value: "wxBitcoin y bitcoind anteriores a v0.3.13 no gestionan correctamente Bitcoins asociados a las transacciones Bitcoin que tienen cero confirmaciones, lo que permite a atacantes remotos provocar una denegación de servicio (transacciones no válidas masivas) mediante el envío de transacciones de bajo valor, sin comisiones por transacción.", }, ], id: "CVE-2010-5140", lastModified: "2024-11-21T01:22:33.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-08-06T16:55:01.133", references: [ { source: "cve@mitre.org", url: "http://www.bitcoin.org/smf/index.php?topic=1306.0", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.bitcoin.org/smf/index.php?topic=1306.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/CVEs", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 21:15
Modified
2024-11-21 02:29
Severity ?
Summary
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bitcoin | bitcoin_core | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", matchCriteriaId: "4733A119-21AA-4EBD-A65F-24F118775990", versionEndExcluding: "0.10.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an \"Easy\" attack.", }, { lang: "es", value: "bitcoind y Bitcoin-Qt versiones anteriores a 0.10.2, permiten a atacantes causar una denegación de servicio (funcionalidad desactivada tal y como un bloqueo de aplicación cliente) por medio de un ataque \"Easy\".", }, ], id: "CVE-2015-3641", lastModified: "2024-11-21T02:29:33.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T21:15:11.687", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }