Bitcoin: Security Vulnerabilities
The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.
CVSS Score
5.0
EPSS Score
0.005
Published
2013-03-12
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683.
CVSS Score
5.0
EPSS Score
0.004
Published
2012-09-14
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.
CVSS Score
5.0
EPSS Score
0.004
Published
2012-09-14
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.
CVSS Score
5.0
EPSS Score
0.005
Published
2012-08-06
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
CVSS Score
5.0
EPSS Score
0.02
Published
2012-08-06
wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.
CVSS Score
5.0
EPSS Score
0.005
Published
2012-08-06
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.
CVSS Score
7.5
EPSS Score
0.005
Published
2012-08-06
wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees.
CVSS Score
5.0
EPSS Score
0.007
Published
2012-08-06
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.005
Published
2012-08-06
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-08-06