CVE-2018-17144

HIGH · IN THE WILD

Bitcoin Core <0.14.3, 0.15.x <0.15.2, 0.16.x <0.16.3 - DoS

Exploitation Summary

CVE-2018-17144 has been observed exploited in the wild (reported by InTheWild.io). EIP tracks 2 public exploits from researchers including hikame, iioch.

Description

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

Exploits (2)

nomisec WORKING POC 9 stars
by hikame · poc
https://github.com/hikame/CVE-2018-17144_POC

This repository contains two Python scripts demonstrating CVE-2018-17144, a Bitcoin Core vulnerability allowing double-spend attacks via invalid block propagation. The PoCs use Bitcoin's test framework to craft and send malformed blocks with duplicated transactions.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Bitcoin Core 0.14.0 to 0.16.2
No auth needed
Prerequisites: Access to a Bitcoin Core node's P2P interface · Ability to craft and send custom blocks
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by iioch · poc
https://github.com/iioch/ban-exploitable-bitcoin-nodes

This repository provides a bash script to identify and ban Bitcoin nodes vulnerable to CVE-2018-17144, a DoS vulnerability affecting versions below 0.16.3. The script uses `bitcoin-cli` and `jq` to parse peer information and ban exploitable nodes.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Bitcoin Core (versions below 0.16.3)
Auth required
Prerequisites: Access to a Bitcoin node with `bitcoin-cli` configured · `jq` installed for JSON parsing
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0675
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

InTheWild.io 2018-09-25
Status published
Products (2)
bitcoin/bitcoin_core 0.14.0 - 0.14.3
bitcoinknots/bitcoin_knots 0.14.0 - 0.16.3
Published Sep 19, 2018
Tracked Since Feb 18, 2026