CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52912
https://notcve.org/view.php?id=CVE-2024-52912
18 Nov 2024 — Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. • https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52913
https://notcve.org/view.php?id=CVE-2024-52913
18 Nov 2024 — In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. • https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52914
https://notcve.org/view.php?id=CVE-2024-52914
18 Nov 2024 — In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. • https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52915
https://notcve.org/view.php?id=CVE-2024-52915
18 Nov 2024 — Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. • https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52916
https://notcve.org/view.php?id=CVE-2024-52916
18 Nov 2024 — Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. • https://bitcoincore.org/en/2024/07/03/disclose-header-spam • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52917
https://notcve.org/view.php?id=CVE-2024-52917
18 Nov 2024 — Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. • https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52918
https://notcve.org/view.php?id=CVE-2024-52918
18 Nov 2024 — Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file. • https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52919
https://notcve.org/view.php?id=CVE-2024-52919
18 Nov 2024 — Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. • https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52920
https://notcve.org/view.php?id=CVE-2024-52920
18 Nov 2024 — Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. • https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52921
https://notcve.org/view.php?id=CVE-2024-52921
18 Nov 2024 — In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. • https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation • CWE-862: Missing Authorization •