Bitcoin Bitcoin_core
54 CVEs affecting Bitcoin Bitcoin_core. Latest disclosed: 2026-03-20. Critical: 0, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-46597 | High | 7.5 | 2026-03-20 | Bitcoin Core 0.13.0 through 29.x has an integer overflow. |
CVE-2025-54605 | High | 7.5 | 2025-10-28 | Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2). |
CVE-2025-54604 | High | 7.5 | 2025-10-28 | Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2). |
CVE-2024-52920 | High | 7.5 | 2024-11-18 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. |
CVE-2024-52916 | High | 7.5 | 2024-11-18 | Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. |
CVE-2024-52915 | High | 7.5 | 2024-11-18 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. |
CVE-2024-52914 | High | 7.5 | 2024-11-18 | In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. |
CVE-2024-52912 | High | 7.5 | 2024-11-18 | Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an ab… |
CVE-2019-25220 | High | 7.5 | 2024-11-18 | Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width… |
CVE-2024-35202 | High | 7.5 | 2024-10-10 | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in… |
CVE-2023-37192 | High | 7.5 | 2023-07-07 | Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing… |
CVE-2023-33297 | High | 7.5 | 2023-05-22 | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-… |
CVE-2021-3195 | High | 7.5 | 2021-01-26 | bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOT… |
CVE-2020-14198 | High | 7.5 | 2020-09-10 | Bitcoin Core 0.20.0 allows remote denial of service. |
CVE-2018-17145 | High | 7.5 | 2020-09-10 | Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with r… |
CVE-2017-12842 | High | 7.5 | 2020-03-16 | Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did… |
CVE-2015-3641 | High | 7.5 | 2020-03-12 | bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy"… |
CVE-2019-15947 | High | 7.5 | 2019-09-05 | In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file… |
CVE-2018-17144 | High | 7.5 | 2018-09-19 | Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial o… |
CVE-2016-10725 | High | 7.5 | 2018-07-05 | In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operation… |