Common Vulnerabilities and Exposures
| CVE | Announced | Affects | Severity | Attack is… | Flaw | Net |
|---|---|---|---|---|---|---|
| CVE-2010-5137 | 2010-07-28 | wxBitcoin and bitcoind | DoS | Easy | OP_LSHIFT crash | 100% |
| CVE-2010-5141 | 2010-07-28 | wxBitcoin and bitcoind | Theft | Easy | OP_RETURN could be used to spend any output. | 100% |
| CVE-2010-5138 | 2010-07-29 | wxBitcoin and bitcoind | DoS | Easy | Combined output overflow | 100% |
| CVE-2010-5140 | 2010-09-29 | wxBitcoin and bitcoind | DoS | Hard | Wallet non-encryption | 100% |
| CVE-2012-1909 | 2012-03-07 | Bitcoin protocol and all clients | Netsplit | Very hard | Transaction overwriting | 99% |
| CVE-2012-1910 | 2012-03-17 | bitcoind & Bitcoin-Qt for Windows | Unknown | Hard | MingW non-multithreading | 100% |
| BIP 0016 | 2012-04-01 | All Bitcoin clients | Fake Conf | Miners | Mandatory P2SH protocol update | 99% |
| CVE-2012-2459 | 2012-05-14 | bitcoind and Bitcoin-Qt | Netsplit<ref name=”Netsplit”/> | Easy | Block hash collision (via merkle root) | 99% <!– |
| CVE-2012-3584 | 2012-06-16 | Bitcoin p2p protocol | DoS<ref name=”DoS”/> | Miners<ref name=”MinerEasy”/> | Poor miner incentives | (no fix) –> |
| CVE-2012-3789 | 2012-06-20 | bitcoind and Bitcoin-Qt | DoS<ref name=”DoS”/> | Easy | (Lack of) orphan txn resource limits | 99% |
| CVE-2012-4682 | bitcoind and Bitcoin-Qt | DoS<ref name=”DoS”/> | 98% | |||
| CVE-2012-4683 | 2012-08-23 | bitcoind and Bitcoin-Qt | DoS<ref name=”DoS”/> | Easy | Targeted DoS by CPU exhaustion using alerts | 98% |
| CVE-2012-4684 | 2012-08-24 | bitcoind and Bitcoin-Qt | DoS<ref name=”DoS”/> | Easy | Network-wide DoS using malleable signatures in alerts | 98% |
| CVE-2013-2272 | 2013-01-11 | bitcoind and Bitcoin-Qt | Exposure<ref name=”Exposure”/> | Easy | Remote discovery of node’s wallet addresses | 97% |
| CVE-2013-2273 | 2013-01-30 | bitcoind and Bitcoin-Qt | Exposure<ref name=”Exposure”/> | Easy | Predictable change output | 97% |
| CVE-2013-2292 | 2013-01-30 | bitcoind and Bitcoin-Qt | DoS<ref name=”DoS”/> | Hard | A transaction that takes at least 3 minutes to verify | 0% |
| CVE-2013-2293 | 2013-02-14 | bitcoind and Bitcoin-Qt | DoS<ref name=”DoS”/> | Easy | Continuous hard disk seek | 97% |
| CVE-2013-3219 | 2013-03-11 | bitcoind and Bitcoin-Qt 0.8.0 | Fake Conf<ref name=”FakeConf”/> | Miners<ref name=”MinerEasy”/> | Unenforced block protocol rule | 100% |
| CVE-2013-3220 | 2013-03-11 | bitcoind and Bitcoin-Qt | Netsplit<ref name=”Netsplit”/> | Hard | Inconsistent BDB lock limit interactions | 97% |
| BIP 0034 | 2013-03-25 | All Bitcoin clients | Fake Conf<ref name=”FakeConf”/> | Miners | Mandatory block protocol update | 99% |
| BIP 0050 | 2013-05-15 | All Bitcoin clients | Netsplit | Hard fork to remove txid limit protocol rule | 97% | |
| CVE-2013-4627 | 2013-06-?? | bitcoind and Bitcoin-Qt | DoS | Local | Timing leak in RPC authentication | 57% |
| CVE-2013-5700 | 2013-09-04 | bitcoind and Bitcoin-Qt 0.8.x | DoS. See Also on BitcoinWikiSource |
