CVE Daily
← All tags

Tag: Bitcoin Core

All CVEs associated with "Bitcoin Core". Page 1/1 • 36 CVEs.

About “Bitcoin Core”

A curated feed of “Bitcoin Core”-related CVEs appears below. We currently track 36 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 7.1 (all time; 7.1 over 365d), and 67% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-284 - Improper Access Control, CWE-190 - Integer Overflow or Wraparound.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: bitcoin-core

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
3131.0-
3030.2-
2929.3-
2828.4 Expired
2727.2 Expired
2626.2 Expired
2525.2 Expired
2424.2 Expired
2323.2 Expired
2222.1 Expired
0.210.21.2 Expired
0.200.20.2 Expired
0.190.19.2 Expired
0.180.18.1 Expired
0.170.17.2 Expired
0.160.16.3 Expired
0.150.15.2 Expired
0.140.14.3 Expired
0.130.13.2 Expired
0.120.12.1 Expired
0.110.11.3 Expired
0.100.10.5 Expired
0.90.9.5 Expired
0.80.8.6 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Bitcoin Core”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-05
High

CVE-2024-52911

Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2026-03-20
High

CVE-2025-46597

Bitcoin Core 0.13.0 through 29.x has an integer overflow.

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2025-46598

Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.

CVSS: 5.3 CWE: CWE-405 - Asymmetric Resource Consumption (Amplification) View on NVD
2025-10-28
High

CVE-2025-54605

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-54604

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2024-12-09
Medium

CVE-2024-55563

Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be c…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-11-18
Medium

CVE-2024-52922

In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2024-52921

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-52920

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-52919

Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.

CVSS: 6.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2024-52918

Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-52917

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-52916

Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-52915

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-52914

In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-52913

In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-52912

Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2019-25220

Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does n…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Critical

CVE-2015-20111

miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerabi…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-10-11
High

CVE-2024-38365

btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functio…

CVSS: 7.4 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD
2024-10-10
High

CVE-2024-35202

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committe…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-04-30
Medium

CVE-2024-34149

In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit ch…

CVSS: 6.3 CWE: N/A View on NVD
2023-12-09
Medium

CVE-2023-50428

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by…

CVSS: 5.3 CWE: N/A View on NVD
2023-07-07
High

CVE-2023-37192

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions t…

CVSS: 7.5 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD
2023-05-22
High

CVE-2023-33297

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2021-05-13
Medium

CVE-2021-31876

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attac…

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2021-02-04
Critical

CVE-2021-3401

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated…

CVSS: 9.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2021-01-26
High

CVE-2021-3195

bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2020-09-10
High

CVE-2020-14198

Bitcoin Core 0.20.0 allows remote denial of service.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2018-17145

Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2020-03-16
High

CVE-2017-12842

Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attac…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2019-09-05
High

CVE-2019-15947

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's…

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2019-02-11
Medium

CVE-2018-20587

Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC…

CVSS: 5.5 CWE: N/A View on NVD
2018-09-19
High

CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitabl…

CVSS: 7.5 CWE: N/A View on NVD
2018-07-05
High

CVE-2016-10725

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavio…

CVSS: 7.5 CWE: CWE-310 View on NVD
High

CVE-2016-10724

Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain priva…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox