The Bitcoin Core developers

7 exploits Active since Jul 2018
CVE-2018-17144 NOMISEC HIGH WORKING POC
Bitcoin Core <0.14.3, 0.15.x <0.15.2, 0.16.x <0.16.3 - DoS
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
9 stars
CVSS 7.5
CVE-2016-10724 WRITEUP HIGH WORKING POC
Bitcoin Core < 0.13.0 - Denial of Service
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
CVSS 7.5
CVE-2016-10725 WRITEUP HIGH WORKING POC
Bitcoin Core < 0.13.0 - Cryptographic Issue
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.
CVSS 7.5
CVE-2019-7167 WRITEUP HIGH WRITEUP
Zcash <2018-10-28 - Privilege Escalation
Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.
CVSS 7.5
CVE-2021-37491 WRITEUP HIGH WRITEUP
Dogecoin Core <1.14.3 - Info Disclosure
An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via the CWallet::CreateTransaction() function.
CVSS 7.5
CVE-2021-37492 WRITEUP HIGH WRITEUP
Ravencoin Core <4.3.2.1 - Info Disclosure
An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via the CWallet::CreateTransactionAll() function.
CVSS 7.5
CVE-2023-50428 WRITEUP MEDIUM WRITEUP
Bitcoin Core <26.0 - Bitcoin Knots <25.1.knots20231115 - Code Injec...
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
CVSS 5.3