Bitcoin: >> Bitcoin Core >> 24.0.1 Security Vulnerabilities
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-28
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-12-09
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-11-18
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-11-18
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.
CVSS Score
7.5
EPSS Score
0.025
Published
2024-10-10
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
CVSS Score
5.3
EPSS Score
0.0
Published
2023-12-09
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-05-22
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.
CVSS Score
6.4
EPSS Score
0.015
Published
2013-08-02
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees.
CVSS Score
5.0
EPSS Score
0.002
Published
2013-03-12
Page 1