CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50428
https://notcve.org/view.php?id=CVE-2023-50428
09 Dec 2023 — In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug." En Bitcoin Core hasta 26.0 y Bitcoin Knots anteriores a 25.1.knots20231115, los límites de tamaño del portador de datos se pueden eludir ofuscando los dato... • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2023-33297 – Gentoo Linux Security Advisory 202408-12
https://notcve.org/view.php?id=CVE-2023-33297
22 May 2023 — Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. A vulnerability has been discovered in Bitcoin, which can lead to a denial of service. Versions greater than or equal to 25.0 are affected. • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3195
https://notcve.org/view.php?id=CVE-2021-3195
21 Jan 2021 — bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions ** EN DISPUTA ** bitcoind en Bitcoin Core versiones hasta 0.21.0, puede crear un nuevo archivo en un directorio arbitrario (por ejemplo, fuera del directorio ~/.bitcoin) por medio de una llam... • https://github.com/bitcoin/bitcoin/issues/20866 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15947 – Gentoo Linux Security Advisory 202009-18
https://notcve.org/view.php?id=CVE-2019-15947
05 Sep 2019 — In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command. En Bitcoin Core versión 0.18.0, bitcoin-qt almacena los datos de wallet.dat sin cifrar en la memoria. Ante un bloqueo, puede volcar un archivo core. • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 • CWE-312: Cleartext Storage of Sensitive Information •