Product: Bitcoin Core
54 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | Description
CVE-2025-46597 | >= 0.13.0 and < 0.30.0 | Bitcoin Core 0.13.0 through 29.x has an integer overflow.
CVE-2025-46598 | < 0.30.0 | Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.
CVE-2025-54605 | < 30.0 | Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
CVE-2025-54604 | < 30.0 | Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVE-2024-55563 | <= 27.2 | Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. Fo
CVE-2024-52922 | < 25.1 | In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay
CVE-2024-52921 | < 25.0 | In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
CVE-2024-52920 | < 0.20.0 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
CVE-2024-52919 | < 22.0 | Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of
CVE-2024-52917 | < 22.0 | Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the n
CVE-2024-52916 | < 0.15.0 | Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
CVE-2024-52915 | < 0.20.0 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
CVE-2024-52914 | < 0.18.0 | In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
CVE-2024-52913 | < 0.21.0 | In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transactio
CVE-2024-52912 | < 0.21.0 | Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newl
CVE-2019-25220 | < 24.0.1 | Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty heade
CVE-2024-35202 | < 25.0 | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit)
CVE-2023-50428 | >= 0.9 and <= 26.0 | In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating d
CVE-2023-37192 | all versions | Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's
CVE-2023-33297 | < 24.1 | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) becau
CVE-2021-3195 | <= 0.21.0 | bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) v
CVE-2020-14198 | all versions | Bitcoin Core 0.20.0 allows remote denial of service.
CVE-2018-17145 | >= 0.16.0 and < 0.16.2 | Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple tr
CVE-2017-12842 | < 0.14.0 | Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wall
CVE-2018-20586 | all versions | bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
CVE-2017-18350 | < 0.15.1 | bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. T
CVE-2015-3641 | < 0.10.2 | bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client appl
CVE-2019-15947 | all versions | In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user
CVE-2018-20587 | >= 0.12.0 and <= 0.17.1 | Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Contr
CVE-2018-17144 | >= 0.14.0 and < 0.14.3 | Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0
CVE-2016-10725 | < 0.13.0 | In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all ot
CVE-2016-10724 | < 0.13.0 | Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated
CVE-2013-5700 | all versions | The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of serv
CVE-2013-4627 | all versions | Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumptio
CVE-2013-4165 | all versions | The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting t
CVE-2013-3220 | all versions | bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, d
CVE-2013-3219 | all versions | bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass i
CVE-2013-2293 | all versions | The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without in
CVE-2013-2292 | all versions | bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining
CVE-2013-2273 | all versions | bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and
CVE-2013-2272 | all versions | The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before
CVE-2012-4684 | all versions | The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature
CVE-2012-4683 | all versions | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a differen
CVE-2012-4682 | all versions | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a differen
CVE-2012-3789 | <= 0.5.6 | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x
CVE-2012-2459 | <= 0.4.5 | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.
CVE-2012-1910 | all versions | Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use
CVE-2012-1909 | all versions | The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multip
CVE-2011-4447 | all versions | The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deleti
CVE-2010-5141 | <= 0.3.4 | wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers t
CVE-2010-5140 | <= 0.3.12 | wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmat
CVE-2010-5139 | <= 0.3.10 | Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and crea
CVE-2010-5138 | all versions | wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transacti
CVE-2010-5137 | <= 0.3.4 | wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction c