Common Vulnerabilities and Exposures

From BitcoinWiki
(Redirected from CVEs)

This is the approved revision of this page, as well as being the most recent.
Jump to: navigation, search
CVE Announced Affects Severity Attack is... Flaw Net
CVE-2010-5137 2010-07-28 wxBitcoin and bitcoind DoS Easy OP_LSHIFT crash 100%
CVE-2010-5141 2010-07-28 wxBitcoin and bitcoind Theft Easy OP_RETURN could be used to spend any output. 100%
CVE-2010-5138 2010-07-29 wxBitcoin and bitcoind DoS Easy Combined output overflow 100%
CVE-2010-5140 2010-09-29 wxBitcoin and bitcoind DoS Hard Wallet non-encryption 100%
CVE-2012-1909 2012-03-07 Bitcoin protocol and all clients Netsplit Very hard Transaction overwriting 99%
CVE-2012-1910 2012-03-17 bitcoind & Bitcoin-Qt for Windows Unknown Hard MingW non-multithreading 100%
BIP 0016 2012-04-01 All Bitcoin clients Fake Conf Miners Mandatory P2SH protocol update 99%
CVE-2012-2459 2012-05-14 bitcoind and Bitcoin-Qt Netsplit<ref name="Netsplit"/> Easy Block hash collision (via merkle root) 99%

<!--

CVE-2012-3584 2012-06-16 Bitcoin p2p protocol DoS<ref name="DoS"/> Miners<ref name="MinerEasy"/> Poor miner incentives (no fix)

-->

CVE-2012-3789 2012-06-20 bitcoind and Bitcoin-Qt DoS<ref name="DoS"/> Easy (Lack of) orphan txn resource limits 99%
CVE-2012-4682 bitcoind and Bitcoin-Qt DoS<ref name="DoS"/> 98%
CVE-2012-4683 2012-08-23 bitcoind and Bitcoin-Qt DoS<ref name="DoS"/> Easy Targeted DoS by CPU exhaustion using alerts 98%
CVE-2012-4684 2012-08-24 bitcoind and Bitcoin-Qt DoS<ref name="DoS"/> Easy Network-wide DoS using malleable signatures in alerts 98%
CVE-2013-2272 2013-01-11 bitcoind and Bitcoin-Qt Exposure<ref name="Exposure"/> Easy Remote discovery of node's wallet addresses 97%
CVE-2013-2273 2013-01-30 bitcoind and Bitcoin-Qt Exposure<ref name="Exposure"/> Easy Predictable change output 97%
CVE-2013-2292 2013-01-30 bitcoind and Bitcoin-Qt DoS<ref name="DoS"/> Hard A transaction that takes at least 3 minutes to verify 0%
CVE-2013-2293 2013-02-14 bitcoind and Bitcoin-Qt DoS<ref name="DoS"/> Easy Continuous hard disk seek 97%
CVE-2013-3219 2013-03-11 bitcoind and Bitcoin-Qt 0.8.0 Fake Conf<ref name="FakeConf"/> Miners<ref name="MinerEasy"/> Unenforced block protocol rule 100%
CVE-2013-3220 2013-03-11 bitcoind and Bitcoin-Qt Netsplit<ref name="Netsplit"/> Hard Inconsistent BDB lock limit interactions 97%
BIP 0034 2013-03-25 All Bitcoin clients Fake Conf<ref name="FakeConf"/> Miners Mandatory block protocol update 99%
BIP 0050 2013-05-15 All Bitcoin clients Netsplit Hard fork to remove txid limit protocol rule 97%
CVE-2013-4627 2013-06-?? bitcoind and Bitcoin-Qt DoS Local Timing leak in RPC authentication 57%
CVE-2013-5700 2013-09-04 bitcoind and Bitcoin-Qt 0.8.x DoS.

See Also on BitcoinWiki[edit]

Source[edit]

http://bitcoin.it/