Bitcoin Bitcoin_core

54 CVEs affecting Bitcoin Bitcoin_core. Latest disclosed: 2026-03-20. Critical: 0, High: 21.

Top CVEs affecting Bitcoin Bitcoin_core
CVESeverityScorePublishedSummary
CVE-2025-46597High7.52026-03-20Bitcoin Core 0.13.0 through 29.x has an integer overflow.
CVE-2025-54605High7.52025-10-28Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
CVE-2025-54604High7.52025-10-28Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVE-2024-52920High7.52024-11-18Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
CVE-2024-52916High7.52024-11-18Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.
CVE-2024-52915High7.52024-11-18Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.
CVE-2024-52914High7.52024-11-18In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.
CVE-2024-52912High7.52024-11-18Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an ab…
CVE-2019-25220High7.52024-11-18Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width…
CVE-2024-35202High7.52024-10-10Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in…
CVE-2023-37192High7.52023-07-07Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing…
CVE-2023-33297High7.52023-05-22Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-…
CVE-2021-3195High7.52021-01-26bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOT…
CVE-2020-14198High7.52020-09-10Bitcoin Core 0.20.0 allows remote denial of service.
CVE-2018-17145High7.52020-09-10Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with r…
CVE-2017-12842High7.52020-03-16Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did…
CVE-2015-3641High7.52020-03-12bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy"…
CVE-2019-15947High7.52019-09-05In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file…
CVE-2018-17144High7.52018-09-19Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial o…
CVE-2016-10725High7.52018-07-05In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operation…