Bitcoin Wiki - User contributions [en]

Consensus versions

2026-04-14T21:11:40Z

Luke-jr: Add RDTS

{| class="wikitable"
! TENTATIVE semantic version number || Software release || Change type || BIP(s)
|-
| 0.1.0 || wxBitcoin 0.1.0 || original
|-
| 0.2.0 || wxBitcoin 0.1.6 || softfork || added nLockTime enforcement<ref>[https://bitcoin.stackexchange.com/a/99104/21052 Was the addition of nLockTime timelocks a hard fork?] Bitcoin StackExchange Retrieved 2020-09-21</ref>
|-
| 0.2.1 || wxBitcoin 0.3.1 || softfork || mostly-redundant 1 MB block size limit
|-
| 0.2.2 || wxBitcoin 0.3.5 || softfork || fixes CVE-2010-5141
|-
| 0.3.0 || wxBitcoin 0.3.6 || hardfork || OP_NOPs added<ref>https://github.com/bitcoin/bitcoin/blob/ec82517c8919f9cb7194511dc322a2575745e39e/script.cpp#L798</ref>
|-
| 0.4.0 || wxBitcoin 0.3.7 || hardfork || scriptSig + scriptPubKey evaluations separated <ref>https://bitcoin.stackexchange.com/questions/111673/was-bitcoin-0-3-7-actually-hard-forking</ref>
|-
| 0.4.1 || wxBitcoin 0.3.10 || softfork || fixes CVE-2010-5137 and CVE-2010-5139
|-
| 0.4.2 || wxBitcoin 0.3.12 || softfork || fixes CVE-2010-5138
|-
| 0.4.3 || wxBitcoin 0.3.13 || softfork || Treat multisig with more than 20 keys invalid after block 84000 <ref>https://github.com/bitcoin/bitcoin/commit/a790fa46f40d751307f86c37a709eb119768ce5b#diff-27496895958ca30c47bbb873299a2ad7a7ea1003a9faa96b317250e3b7aa1fef</ref>
|-
| 1.0.0 || Bitcoin Core 0.6.0 || softfork || fixes CVE-2012-1909
|-
| 1.1.0 || Bitcoin Core 0.6.0 || softfork || BIP16
|-
| 1.1.1 || Bitcoin Core 0.7.0 || softfork || BIP34
|-
| 1.1.2 || Bitcoin Core 0.8.1 || softfork || fixes CVE-2013-3220 by adding txid change limit
|-
| 2.0.0 || Bitcoin Core 0.8.1 || hardfork || removed BDB lock limit & txid change limit
|-
| 2.0.1 || Bitcoin Core 0.9.2 || softfork || BIP42
|-
| 2.1.0 || Bitcoin Core 0.10.0 || softfork || BIP66
|-
| 2.2.0 || Bitcoin Core 0.10.4 || softfork || BIP65
|-
| 2.3.0 || Bitcoin Core 0.12.1 || softfork || BIP68, BIP112, BIP113
|-
| 2.4.0 || Bitcoin Core 0.13.1 || softfork || BIP141, BIP143, BIP147
|-
| 2.4.1 || Bitcoin Core UASF 0.14.0 || softfork || BIP148
|-
| 2.4.2 || Bitcoin Core 0.16.3 || softfork || fixes CVE-2018-17144
|-
| 2.5.0 || Bitcoin Core-based Taproot Client 0.21.0 || softfork || BIP341, BIP342, BIP343
|-
| 2.5.1 (pending) || Bitcoin Knots plus BIP110 || softfork || BIP110
|}

== See also ==

* https://blog.bitmex.com/bitcoins-consensus-forks/

== References ==

DEMAND

2025-08-21T18:35:26Z

Luke-jr: Corrections

{{infobox company|
|founder= Alejandro De La Torre, CEO Co-Founder
Filippo Merli, CTO, Co-Founder
|foundation= 2023
|industry=[[Mining Pool]]
|website=https://www.DMND.WORK}}
[https://WWW.DMND.WORK DMND] is an upcoming [[Stratum v2|Stratum V2]] Bitcoin [[Mining Pool|mining pool]]. Both lottery and pooled mining are planned.

==External Links==

* Website: https://www.DMND.WORK/

[[Category:Services]]

Common Vulnerabilities and Exposures

2025-05-23T16:50:25Z

Luke-jr: updates

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc Bitcoin Core/Knots prior to 0.11.2
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-header-spam/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.15.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Easy
| OOM via fake block headers
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.18.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Network buffer OOM
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=lime| CPU usage
|bgcolor=pink| Easy
| Infinite loop via p2p
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=yellow| DoS
|bgcolor=yellow| Recipient<ref name="Recipient">Can only be exploited by the recipient the victim intends to pay</ref>
| OOM via malicious BIP72 URI
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.1
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.2
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/ CVE-2024-52917]
| 2024-07-31
| Bitcoin Core/Knots prior to 22.0 with UPnP enabled
|bgcolor=yellow| DoS
|bgcolor=lime| Local
| OOM via LAN spam
|-
| [https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/ CVE-2024-52919]
| 2024-07-31
| Bitcoin Core/Knots prior to 22.0
|bgcolor=yellow| DoS
|bgcolor=lime| Easy
| OOM via p2p spam
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|-
| [https://bitcoincore.org/en/2024/09/18/disclose-headers-oom/ CVE-2019-25220]
| 2024-09-18
| Bitcoin Core prior to 24.0.1 (Bitcoin Knots unaffected)
| DoS<ref name="DoS"/>
|
| Memory DoS due to headers spam
|
|-
| [https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/ CVE-2024-52921]
| 2024-10-09
| Bitcoin Core/Knots prior to 25.0
|
|
| Hindered block propagation due to mutated blocks
|
|-
| [https://bitcoincore.org/en/2024/10/08/disclose-large-inv-to-send/ TBD]
| 2024-10-09
| Bitcoin Core/Knots prior to 25.0
|
|
| DoS due to inv-to-send sets growing too large
|
|-
| [https://bitcoincore.org/en/2024/10/08/disclose-blocktxn-crash/ CVE-2024-35202]
| 2024-10-09
| Bitcoin Core/Knots prior to 25.0
|
|
|
|
|-
| [https://bitcoincore.org/en/2024/11/05/cb-stall-hindering-propagation/ CVE-2024-52922]
| 2024-11-05
| Bitcoin Core/Knots prior to 25.1
|
|
|
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Tonal Bitcoin

2025-05-15T02:32:50Z

Luke-jr: /* Number system */ Fix link

Tonal Bitcoin is a representation of the Bitcoin system aimed toward people who prefer the Tonal number system.

== Number system ==

The Tonal number system is an alternative to the decimal and SI ("metric") system, which improves usability by allowing for infinite binary division (note that Bitcoin protocol support is still finite).
Instead of counting: one, two, three, four, five, six, seven, eight, nine, ten, eleven, etc...
In tonal, you would count: an, de, ti, go, su, by, ra, me, ni, ko, hu, vy, la, po, fy, ton, ton-an, etc...
This means you get common binary divisions like one sixteenth (0.0625 in decimal) as a clean number: 0.1 in tonal.
The tonal number system, prior to Bitcoin, already defines everyday units of measure including [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA30#v=onepage&q&f=false lengths], [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA32#v=onepage&q&f=false time], [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA37#v=onepage&q&f=false capacity, weight], [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA38#v=onepage&q&f=false power, gold/silver coinage], [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA43#v=onepage&q&f=false calendar], [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA44#v=onepage&q&f=false temperature], and even [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA42#v=onepage&q&f=false postage stamps] and [http://books.google.com/books?id=aNYGAAAAYAAJ&pg=PA45#v=onepage&q&f=false music].

For more information on the Tonal system in general, please see [https://www.lulu.com/shop/john-w-nystrom/tonal-system/ebook/product-1j9r9y6v.html?page=1&pageSize=4 the book].

== As an altcoin ==

While Tonal Bitcoin shares a common blockchain and network with decimal Bitcoin (BTC), it is still also considered to be alternative cryptocurrency ("altcoin") since the units are non-trivially presented differently.
That is, merchants who wish to advertise their product to TBC users would be best to advertise an equivalent TBC price alongside the BTC price.
Additionally, had a separate [[block chain]] ("altchain") been created for TBC, there would have been no advantage to it, and instead enabled a number of abuses and reduced compatibility.
Therefore, as an altcoin, TBC demonstrates an ideal way to extend Bitcoin without needing to resort to unnecessary complications.

From the altcoin perspective, TBC is seen to have a number of benefits over more common altchain-based altcoins:
* It shares the same blockchain as BTC, so benefits from the full security and difficulty backing the Bitcoin blockchain.
* TBC is mined together with BTC - unlike ordinary merged mining, you don't get BTC plus TBC, just one or the other at your choice.
* TBC is completely compatible with all Bitcoin addresses: if you send BTC to a TBC client's address, it will automatically get converted and vice-versa.

Tonal Bitcoin is also notably the first altcoin ever, having been created in 2011 January.

== Specification ==

Please note, that all numbers of TBC and its divisions/multipliers are written in [http://en.wikipedia.org/wiki/Tonal_System Tonal], not decimal.
This means that instead of counting 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10-- you count: 0, 1, 2, 3, 4, 5, 6, 7, 8, , 9, , , , , , 10.

{| border="1" style="text-align:right;font-family:Console, Luxi Mono, fixed"
|- style="background-color:silver"
! Abbreviation
! Pronunciation
! [[Tonal Bitcoin|Tonal (TBC)]]
! Decimal (BTC)
|-
|
| Tam-Bitcoin
| 1 0000 0000     
| 2 814 749.767 106 56
|-
| ᵇTBC
| Bong-Bitcoin
| 1 0000     
| 42.949 672 96
|-
| ᵐTBC
| Mill-Bitcoin
| 1000     
| 2.684 354 56
|-
| ˢTBC
| San-Bitcoin
| 100     
| 0.167 772 16
|-
| ᵗTBC
| Ton-Bitcoin
| 10     
| 0.010 485 76
|-
| TBC
| Bitcoin*
| 1     
| 0.000 655 36
|-
| TBCᵗ
| Bitcoin-ton
| 0.1   
| 0.000 040 96
|-
| TBCˢ
| Bitcoin-san
| 0.01  
| 0.000 002 56
|-
| TBCᵐ
| Bitcoin-mill
| 0.001 
| 0.000 000 16
|-
| TBCᵇ
| Bitcoin-bong
| 0.0001
| 0.000 000 01
|}

* Tonal Bitcoin and Decimal Bitcoin can be differentiated by the pronunciation of the numbers. "One bitcoin", "two bitcoin", etc is decimal, but "an bitcoin", "de bitcoin" is tonal.

The total number of Tonal Bitcoins ever (analogous to the 21mil BTC in decimal representation) is just over 7.75059 tam-bitcoin.

== Compatible Clients ==

While all Bitcoin clients will correctly approximate values in decimal bitcoin, actual Tonal compatibility is sparse.

* [[Bitcoin Knots]] has native TBC support.
* Patches exist for [[Bitcoin Core]] to support TBC (for example, [https://github.com/luke-jr/bitcoin/commit/tbc Luke Dashjr's TBC patch for Bitcoin Core master]).
* [[Spesmilo]], despite its name, could be configured to display TBC. However, it is no longer maintained and does not work with recent versions of Bitcoin Core.

== Guessing TBC or BTC ==

Given variable 'value' in base units (uBTCents/TBCᵇ), one can guess whether it is properly Decimal Bitcoin or Tonal Bitcoin with the following pseudo-code:

if ( ! ( this % 0x10000 ) )
Choose Tonal Bitcoin
if ( ! ( this % 1000000 ) )
Choose Decimal Bitcoin
if ( ! ( this % 0x100 ) )
Choose Tonal Bitcoin

=== Python ===

<pre>import math

def formatBTC(n, addSign = False):
s = "%0.2f BTC" % (math.ceil(n * 100) / 100.,)
if addSign and n >= 0:
s = "+" + s
return s

def Bitcoin2BTC(n):
return n / 100000000.

toTonalDict = dict(((57, u'\ue9d9'), (65, u'\ue9da'), (66, u'\ue9db'), (67, u'\ue9dc'), (68, u'\ue9dd'), (69, u'\ue9de'), (70, u'\ue9df'), (97, u'\ue9da'), (98, u'\ue9db'), (99, u'\ue9dc'), (100, u'\ue9dd'), (101, u'\ue9de'), (102, u'\ue9df')))

def formatTBC(n, addSign = False):
s = "%x" % n
n %= 1
if n:
s += '.'
while n:
n *= 16
s += "%x" % n
n %= 1
s = unicode(s).translate(toTonalDict)
s += " TBC"
if addSign and n >= 0:
s = "+" + s
return s

def Bitcoin2TBC(n):
return n / 65536.

def formatBitcoin(n, addSign = False):
if not n % 0x10000:
return formatTBC(Bitcoin2TBC(n), addSign);
if not n % 1000000:
return formatBTC(Bitcoin2BTC(n), addSign);
if not n % 0x100:
return formatTBC(Bitcoin2TBC(n), addSign);
s = "%d uBTCents" % (n,);
if addSign and n > 0:
s = "+" + s;
return s;</pre>

== Criticism ==

=== Hexadecimal could be done without new fonts as characters ===

The tonal notation is not supported by fonts bundled with popular operating systems, and so usually requires extra fonts to use.
Within the programming community there is a widely accepted convention for hexadecimal notation: use A-F for the higher order digits. Thus, one counts 0,1,2,3, ... , 9,A,B,C,D,E,F,10,11 .... There are even two conventions, (which are lacking in tonal notation) for distinguishing a base-16 number from a decimal. The C convention prefixes 0x and the Motorola convention suffixes h. So, the number san, 256 (decimal) would be written 0x100 or 100h. In tonal notation, it would only be written 100, and thus potentially confused with decimal 100 which is 0x64, though this confusion is less of a problem for Bitcoin since the context is always explicit (SI/BTC vs Tonal/TBC units).

Thus hexadecimal notation accomplishes most of the same goals as tonal notation, at least for Bitcoin, with no requirement for changing fonts, thus is more suited to wider usage. Further the prefix and suffix conventions lead to less ambiguity within the tonal community.

'''However,''' the goal of Tonal Bitcoin is to bring Bitcoin to Tonal, not to redefine Tonal (which is older than hexadecimal) or advocate change to the number system itself, so this is out of scope.
Additionally, hexadecimal would make referring to "a bitcoin" ambiguous - such a value could mean the equivalent of either one or ten in decimal!

=== Not relevant to Bitcoin ===

Contrary to common myth, Bitcoin is not all about anonymity (and in fact, Bitcoin is ''not'' even anonymous itself).
Most people in the world don't care about anonymity, and Bitcoin would never get off the ground if it had a niche one-issue purpose.
Bitcoin is many things to many people, and not everyone has the same ideals or goals in mind.
For people who use the Tonal number system, Bitcoin's ability to adapt to it is a "killer feature", and gives them reason to prefer it over their local fiat currencies.

File:Bitcoinknots.png

2025-05-04T22:07:25Z

Luke-jr: Luke-jr uploaded a new version of File:Bitcoinknots.png

== Summary ==
Bitcoin Knots logo
== Licensing ==
{{Copyrighted free use}}

Covenants support

2024-12-04T16:29:07Z

Luke-jr: Merge edit by ReardenCode

<big><big>This list is incomplete and under construction.</big></big>

{| class="wikitable"
| {{Evaluating}} || Not sure. Still evaluating the idea
|-
| {{No}} || Doesn't support (but might or might not go along with it with sufficient community support)
|-
| {{Deficient}} || Okay with the idea, but considers it to have insufficient community support
|-
| {{Weak}} || Better than nothing at all
|-
| {{Wanting}} || Positively likes the idea, but considers it to have insufficient community support
|-
| {{Acceptable}} || It is a workable solution
|-
| {{Prefer}} || The best option all things considered
|}

__TOC__

==Developers==

{| class="wikitable sortable"
! Developer
! Affiliation
! colspan="4" | LNHANCE
! OP_CAT
! OP_CCV
! OP_VAULT
! OP_TXHASH
! SIGHASH_APO
|-
!
!
! OP_CTV
! OP_CSFS
! OP_PAIRCOMMIT
! OP_INTERNALKEY
!
!
!
!
!
|-
| 1440000bytes || joinstr || {{Prefer}} || {{Acceptable}} || {{No}} || {{Acceptable}} || {{Deficient}} || {{Evaluating}}|| {{Acceptable}} || {{No}} || {{No}}
|-
| Jon Atack || Bitcoin Core || {{Acceptable}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}}
|-
| Luke Dashjr || Bitcoin Knots || {{Acceptable}} || {{Wanting}} || {{Evaluating}} || {{No}} || {{Deficient}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}} || {{Acceptable}}
|-
| moonsettler || LNhance || {{Prefer}} || {{Prefer}} || {{Prefer}} || {{Prefer}} || {{Wanting}} || {{Wanting}} || {{Wanting}} || {{Wanting}} || {{Weak}}
|-
| matthewjablack || Atomic Finance || {{Prefer}} || {{Acceptable}} || {{Weak}} || {{Acceptable}} || {{Wanting}} || {{Evaluating}} || {{Acceptable}} || {{Weak}} || {{Weak}}
|-
| reardencode || LNHANCE || {{Prefer}} || {{Prefer}} || {{Acceptable}} || {{Prefer}} || {{Wanting}} || {{Wanting}} || {{Wanting}} || {{Deficient}} || {{No}}
|}

Covenants support

2024-12-03T22:12:26Z

Luke-jr: Add me

<big><big>This list is incomplete and under construction.</big></big>

{| class="wikitable"
| {{Evaluating}} || Not sure. Still evaluating the idea
|-
| {{No}} || Doesn't support (but might or might not go along with it with sufficient community support)
|-
| {{Deficient}} || Okay with the idea, but considers it to have insufficient community support
|-
| {{Weak}} || Better than nothing at all
|-
| {{Wanting}} || Positively likes the idea, but considers it to have insufficient community support
|-
| {{Acceptable}} || It is a workable solution
|-
| {{Prefer}} || The best option all things considered
|}

__TOC__

==Developers==

{| class="wikitable sortable"
! Developer
! Affiliation
! colspan="4" | LNHANCE
! OP_CAT
! OP_CCV
! OP_VAULT
! OP_TXHASH
! SIGHASH_APO
|-
!
!
! OP_CTV
! OP_CSFS
! OP_PAIRCOMMIT
! OP_INTERNALKEY
!
!
!
!
!
|-
| 1440000bytes || joinstr || {{Prefer}} || {{Acceptable}} || {{No}} || {{Acceptable}} || {{Deficient}} || {{Evaluating}}|| {{Acceptable}} || {{No}} || {{No}}
|-
| Luke Dashjr || Bitcoin Knots || {{Acceptable}} || {{Wanting}} || {{Evaluating}} || {{No}} || {{Deficient}} || {{Evaluating}} || {{Evaluating}} || {{Evaluating}} || {{Acceptable}}
|-
| moonsettler || LNhance || {{Prefer}} || {{Prefer}} || {{Prefer}} || {{Prefer}} || {{Wanting}} || {{Wanting}} || {{Wanting}} || {{Wanting}} || {{Weak}}
|-
| matthewjablack || Atomic Finance || {{Prefer}} || {{Acceptable}} || {{Weak}} || {{Acceptable}} || {{Wanting}} || {{Evaluating}} || {{Acceptable}} || {{Weak}} || {{Weak}}
|}

Taproot activation proposals

2024-09-14T06:07:47Z

Luke-jr:

This page summarizes several technical proposals for activating the taproot soft fork defined by BIPs 340-343. The goal is to succinctly reference the tradeoffs inherent in each class of proposals so that the development community can choose and implement an activation method that users will find acceptable.

Note that a common theme in many of the proposals is dealing with the case where an insufficient percentage of hashrate signals readiness to enforce taproot. This is a reaction to the difficulty activating segwit. However, there is currently no indication that there will be difficulty activating taproot---miners may offer it the same support that they offered other non-controversial soft forks such as BIP34 height in coinbase, BIP66 strict DER, BIP65 <code>OP_CHECKLOCKTIMEVERIFY</code>, and BIPs 68/112/113 relative locktimes.

== Notes on BIP8 ==

At the time this document is being written, [https://github.com/bitcoin/bips/blob/master/bip-0008.mediawiki BIP8] has been drafted based on lessons learned in 2017.
One notable change following BIPs 9+148 is that forced activation is now based on block height rather than median time past; a second notable change is that forced activation is a boolean parameter chosen when a soft fork’s activation parameters are set either for the initial deployment or updated in a later deployment.

BIP8 without forced activation is very similar to [https://github.com/bitcoin/bips/blob/master/bip-0009.mediawiki BIP9] ''version bits with timeout and delay'', with the only significant difference being BIP8’s use of block heights compared to BIP9’s use of median time past. This setting allows the attempt to fail (but it can be retried later).

BIP8 with forced activation concludes with a mandatory signaling period where all blocks produced in compliance with its rules must signal readiness for the soft fork in a way that will trigger activation in an earlier deployment of the same soft fork with non-mandatory activation. In other words, if node version x is released without forced activation and, later, version y is released that successfully forces miners to begin signaling readiness within the same time period, both versions will begin enforcing the new consensus rules at the same time.

This flexibility of the revised BIP8 proposal makes it possible to express some other ideas in terms of what they would look like using BIP8. This provides a common factor to use for categorizing many different proposals.

== Prior to 2021 ==

=== Proposal overview ===

Nomenclature: <code>BIP8(lockinontimeout, timeout)</code>. The <code>lockinontimeout</code> parameter is a bool specifying whether the attempt will conclude with a flag day activation (true) or a failure to activate (false). The <code>timeout</code> parameter specifies how many months (m) or years (y) until either the attempt fails or in mandatory activated. Columns with empty stages appear when no action is specified in advance (but any action with broad user support is still possible).

Precise time parameters are still under discussion, with some people advocating moderately longer durations and some advocating moderately shorter durations. The entries below are examples meant to reflect the general idea behind a class of proposals.


{|
!| Short name
!| Variation
!| First stage
!| Second stage
!| Third stage
|-
| Let’s see what happens
| Default
| BIP8(false, 3m)
|

|

|-
| BIP9 equivalent
| Default
| BIP8(false, 1y)
|

|

|-
| Modern Soft Fork Activation
| No issues
| BIP8(false, 1y)
| ''No action, 6m''
| BIP8(true, 2y)
|-
|

| Issue discovered
| BIP8(false, 1y)
| ''Abandon attempt''
|

|-
| Decreasing Threshold Soft Fork Activation
| No issues
| BIP8(false, 1y)
| ''No action, 6m''
| BIP8(true, 2.5y), decreasing threshold
|-
|

| Issue discovered
| BIP8(false, 1y)
| ''Abandon attempt''
|

|-
| Start now, improve later
| No additional action
| BIP8(false, 2y)
|

|

|-
|

| Commit to activation
| <s>BIP8(false, 2y)</s>
| BIP8(true, 2y)
|

|-
|

| Commit to accelerated activation
| <s>BIP8(false, 2y)</s>
| BIP8(true, 1y)
|

|-
| Gently discourage apathy
| Default
| BIP8(true, 2y)
| N/A
| N/A
|-
|

| Accelerate activation
| <s>BIP8(true, 2y)</s>
| BIP8(true, 1y)
| N/A
|}

The same proposals as above graphed over time:

[[File:Activation-timeline.png|frame|none|alt=|Activation timeline]]

=== Proposals ===

==== Let’s see what happens, BIP8(false, 3m) ====

Proposed as a low-risk way to see if miners are willing to activate taproot as quickly as they activated BIP65 CLTV (two months) and BIP68 consensus-enforced sequence numbers (one month).

Pros:

* '''Non-committal:''' if a problem is discovered with taproot before miner activation, or there’s a lack of user support for the proposal, the attempt can safely fail without further intervention.
* '''Short duration:''' if it fails unnecessarily, we’ll only have lost three months plus deployment time.
* '''Useful data:''' if it works, it will add evidence to the theory that segwit activation was an aberration and users, developers, and miners can continue working together to upgrade the consensus protocol with minimal fuss.

Cons:

* '''Unnecessary failure risk (3 months):''' if it fails for no good reason, we’ll have wasted three months, plus its deployment time, plus the time to choose and deploy another activation method.
* '''Single-shot:''' if it fails, anyone who ran the 3-month release must upgrade in order to enforce any subsequent attempts. Compare to the ''start now, improve later'' proposal where early releases can be triggered to activate by later releases.

 
==== BIP9 equivalent, BIP8(false, 1y) ====

Some people think that the lack of miner readiness signaling during the first several months of segwit availability was an aberration specific to the political context of the block size debate, segwit’s interference with covert ASICBoost, or some other factor. These people may wish to try BIP9 again. BIP8(false, 1y) is essentially BIP9 but using block heights rather than median time past to guarantee a specified number of signaling periods.

Pros:

* '''Non-committal:''' if a problem is discovered with taproot before miner activation, or there’s a lack of user support for the proposal, the attempt can safely fail without further intervention.
* '''Useful data:''' if it works, it will add evidence to the theory that segwit activation was an aberration and users, developers, and miners can continue working together to upgrade the consensus protocol with minimal fuss.

Cons:

* '''Unnecessary failure risk (1 year):''' if it fails for no good reason, we’ll have wasted an entire year, plus its deployment time, plus the time to choose and deploy another activation method.

 
==== Modern Soft Fork Activation, BIP8(false, 1y)+quiet(6m)+BIP8(true, 2y) ====

Proposed in a [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-January/017547.html mailing list post], the goals of this idea are to ensure users truly want a soft fork and that it’s activated in a way that minimizes the risk of disruption.

Pros:

* '''Non-committal (initial deployment):''' if a problem is discovered with taproot during the first two stages, or there’s a lack of user support for the proposal, the attempt can safely fail without further intervention.
* '''Useful data:''' if it activates quickly, it will add evidence to the theory that segwit activation was an aberration and users, developers, and miners can continue working together to upgrade the consensus protocol with minimal fuss.
* '''Far-off flag day:''' if mandatory activation is needed, there’s a long time (2 years) for users to upgrade to mandatory enforcement nodes. This minimizes the chance that only a small number of users will enact mandatory enforcement and then be tricked into accepting bitcoins that most other users won’t consider valid.

Cons:

* '''Committal (subsequent deployment):''' if a problem is discovered with taproot during the final stage, users and developers may need to intervene to prevent the problem from being exploited.
* '''Unnecessary delay:''' without miner cooperation, it will take almost three years to get the taproot features, which may delay other useful Bitcoin work or cause developers to spend time implementing unnecessary intermediate solutions (e.g. 2pECDSA rather than MuSig).

 
==== Decreasing Threshold Soft-Fork Activation, BIP8(false, 6m)+NoAction(1y)+BIP8(true, 2.5y) ====

A [slight variation][bip-dectresh] on the Modern Soft Fork Activation method, the final period in this proposal steadily decreases the percentage of hashrate that needs to signal readiness for the soft fork before it activates. For example, normally 95% of blocks in a difficulty period need to signal for a BIP8 soft fork in order to activate it; however, near the end of the final signaling period, it might only require 60% of hash rate to signal readiness. This lower threshold is reasonable because it’s expected that most users will be ready to enforce the proposal at that time. Even if miners still aren’t signaling in sufficient numbers, the proposal can mandatory activate at the end of its final stage.

Pros:

* '''Non-committal (initial deployment):''' if a problem is discovered with taproot during the first two stages, the attempt can safely fail without further intervention.
* '''Useful data:''' if it activates quickly, it will add evidence to the theory that segwit activation was an aberration and users, developers, and miners can continue working together to upgrade the consensus protocol with minimal fuss.
* '''Far-off flag day:''' if mandatory activation is needed, there’s a long time (months or years) for users to upgrade to nodes that accept reduced threshold signaling or mandatory activation. This minimizes the chance that only a small number of users will enact mandatory enforcement and then be tricked into accepting bitcoins that most other users won’t consider valid.

Cons:

* '''Committal (subsequent deployment):''' if a problem is discovered with taproot during the final stage, users and developers may need to intervene to prevent the problem from being exploited.
* '''Unnecessary delay:''' without miner cooperation, it will take almost four years to get the taproot features, which may delay other useful Bitcoin work or cause developers to spend time implementing unnecessary intermediate solutions (e.g. 2pECDSA rather than MuSig).
* '''No reference implementation:''' no implementation of this proposal yet exists, although it is not believed that creating one would be particularly difficult.

 
==== Start now, improve later, BIP8(false, 2y) ====

Proposed as an option that maximizes flexibility, this allows miners to signal readiness to enforce taproot quickly but also makes it easy for users to force taproot activation later. For example, after several months of miners not activating taproot for no good reason, an updated node could be published that used the same BIP8 parameters except <code>lockinontimeout=true</code>, requiring activation at the end of the two years. Or <code>true</code> could be set and the timeout deadline could be shortened, allowing activation within 6 or 12 more months.

Pros:

* '''Non-committal:''' if a problem is discovered with taproot before miner activation, or there’s a lack of user support for the proposal, the attempt can safely fail without further intervention.
* '''Useful data:''' if it activates quickly, it will add evidence to the theory that segwit activation was an aberration and users, developers, and miners can continue working together to upgrade the consensus protocol with minimal fuss.
* '''Enough time for second deployment:''' the two year duration probably gives users and developers enough time to deploy an alternative that sets <code>lockintimeout=true</code>, allowing all nodes compatible with either deployment to activate simultaneously.

Cons:

* '''Unnecessary failure risk (2 years):''' if it fails for no good reason, we’ll have wasted two years, plus its deployment time, plus the time to choose and deploy another activation method.
* '''Chaos risk:''' if some users later decide to <code>lockinontimeout=true</code> with a date before the original two-year end, they all need to choose the same date or users choosing a date with insufficient support could be tricked into accepting non-spendable bitcoins. It may be possible to mitigate this by building support for an acceleration target date even before the initial <code>lockinontimeout=false</code> version is released.

 
==== Gently discourage apathy, BIP8(true, 2y) ====

Proposed as a way to ensure miners eventually need to signal, so they don’t defer doing so out of apathy, this method requires activation after a long delay.

Pros:

* '''Useful data:''' if it activates quickly, it will add evidence to the theory that segwit activation was an aberration and users, developers, and miners can continue working together to upgrade the consensus protocol with minimal fuss.
* '''Far-off flag day:''' if mandatory activation is needed, there’s a long time (months or years) for users to upgrade to nodes that accept reduced threshold signaling or mandatory activation. This minimizes the chance that only a small number of users will enact mandatory enforcement and then be tricked into accepting bitcoins that most other users won’t consider valid.
* '''Enough time for second deployment:''' the two year duration may gives users and developers enough time to deploy additional soft fork rules that fix any problems in the initial proposal.

Cons:

* '''Committal:''' if a problem is discovered with taproot before activation, users and developers may need to intervene to prevent the problem from being exploited.
* '''Unnecessary delay:''' without miner cooperation, it will take two years to get the taproot features, which may delay other useful Bitcoin work or cause developers to spend time implementing unnecessary intermediate solutions (e.g. 2pECDSA rather than MuSig).
* '''Chaos risk:''' if some users later decide to <code>lockinontimeout=true</code> with a date before the original two-year end, they all need to choose the same date or users choosing a date with insufficient support could be tricked into accepting non-spendable bitcoins. It may be possible to mitigate this by building support for an acceleration target date even before the initial version is released.

Solo.ckpool

2024-08-01T04:30:42Z

Luke-jr: Remove false advertising

:''This article is about the mining pool. For other uses, see [[Ckpool (disambiguation)]].''

'''solo.ckpool.org''' is a mining pool that doesn't divide the reward among other participants.
Despite its deceptive name, it is *not* the same thing as solo mining.

solo.ckpool was started on the 31. August 2014 <ref>[https://bitcointalk.org/index.php?topic=763510.msg8604106#msg8604106 (∞ YH) solo.ckpool.org 0.5% fee anonymous bitcoin and free testnet mining!]</ref>. For developers there is also a testnet implementation available.

Pool code created and operated by Con Kolivas, creator of [[cgminer]] and [[ckpool]].

== Servers to use ==
* [[Stratum]] - Use for ALL stratum capable Bitcoin mining software
stratum+tcp://solo.ckpool.org:3333
stratum+tcp://solo.ckpool.org:443

Miners closer to Europe please use one of:
stratum+tcp://de.ckpool.org:3333
stratum+tcp://de.ckpool.org:443

If you use an incompatible rental service that refuses to work on port 3333 try the following:
stratum+tcp://solo.ckpool.org:3334

If you have an asicminer tube/prisma, you can use a custom port 3335 (only accepts usernames without worker extensions) eg:
stratum+tcp://solo.ckpool.org:3335

Set your username to your btcaddress with any or even no worker extension, and any password.

* [[Testnet]]
stratum+tcp://testnet.ckpool.org:3333
Note this is mining worthless testnet coins only! Also, you must be using a testnet bitcoin address on this edition.

==Reward distribution==

* If you find a block, 99% of the 6.25 BTC + transaction fees get generated directly at your bitcoin address.
* 1% goes to the operator to operate the pool and contribute to further ckpool code development.

For testnet:
* If you find a block, 100% of the testnet coins + transaction fees get generated directly at your bitcoin address.

==Extra features==

* No overheads of running a full bitcoin node
* Connected to high speed low latency bitcoin nodes for rapid block change notification and propagation.
* No transaction-free blocks due to the ultra-scaleable code which has miners on both new blocks and transactions concurrently.
* No registration required, no payment schemes, no pool operator wallets
* The miner remains anonymous apart from his BTC address.

==How to run miners ==

'''CGMiner [https://bitcointalk.org/index.php?topic=28402.0 Forum]''' 

cgminer -o stratum+tcp://solo.ckpool.org:3333 -u 1YOUROWNBITCOINADDRESS.0 -p x
If you enter an invalid address you will be rejected.

==See also==

* [[Comparison of mining pools]]
* [[Pooled Mining]]

==External links==

* [http://solo.ckpool.org/ solo.ckpool] web site
* [http://testnet.ckpool.org/ solo.ckpool testnet] web site

==References==
<references />

[[Category:Pool Operators]]
{{Pools}}
{{lowercase}}

Common Vulnerabilities and Exposures

2024-07-31T17:40:13Z

Luke-jr: Add 2 new disclosures

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc Bitcoin Core/Knots prior to 0.11.2
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-header-spam/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.15.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Easy
| OOM via fake block headers
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.18.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Network buffer OOM
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=lime| CPU usage
|bgcolor=pink| Easy
| Infinite loop via p2p
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=yellow| DoS
|bgcolor=yellow| Recipient<ref name="Recipient">Can only be exploited by the recipient the victim intends to pay</ref>
| OOM via malicious BIP72 URI
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.1
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.2
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/ TBD]
| 2024-07-31
| Bitcoin Core/Knots prior to 22.0 with UPnP enabled
|bgcolor=yellow| DoS
|bgcolor=lime| Local
| OOM via LAN spam
|-
| [https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/ TBD]
| 2024-07-31
| Bitcoin Core/Knots prior to 22.0
|bgcolor=yellow| DoS
|bgcolor=lime| Easy
| OOM via p2p spam
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:40:59Z

Luke-jr:

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc Bitcoin Core/Knots prior to 0.11.2
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-header-spam/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.15.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Easy
| OOM via fake block headers
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.18.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Network buffer OOM
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=lime| CPU usage
|bgcolor=pink| Easy
| Infinite loop via p2p
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.0
|bgcolor=yellow| DoS
|bgcolor=yellow| Recipient<ref name="Recipient">Can only be exploited by the recipient the victim intends to pay</ref>
| OOM via malicious BIP72 URI
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.1
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.2
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:34:02Z

Luke-jr: Add 2024/07/03/disclose-bip70-crash (needs CVE)

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-header-spam/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.14.3
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Easy
| OOM via fake block headers
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.17.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.19.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Network buffer OOM
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.19.2
|bgcolor=lime| CPU usage
|bgcolor=pink| Easy
| Infinite loop via p2p
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.19.2
|bgcolor=yellow| DoS
|bgcolor=yellow| Recipient<ref name="Recipient">Can only be exploited by the recipient the victim intends to pay</ref>
| OOM via malicious BIP72 URI
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.1
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:29:24Z

Luke-jr: Add 2024/07/03/disclose-getdata-cpu (needs CVE)

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-header-spam/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.14.3
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Easy
| OOM via fake block headers
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.17.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.19.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Network buffer OOM
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.19.2
|bgcolor=lime| CPU usage
|bgcolor=pink| Easy
| Infinite loop via p2p
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.1
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:25:17Z

Luke-jr: Add 2024/07/03/disclose-header-spam (needs CVE)

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-header-spam/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.14.3
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Easy
| OOM via fake block headers
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.17.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.19.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Network buffer OOM
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.1
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:22:20Z

Luke-jr: Add 2024/07/03/disclose-inv-buffer-blowup (needs CVE)

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.17.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.19.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Network buffer OOM
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.1
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:17:42Z

Luke-jr:

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.17.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.20.1
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:16:56Z

Luke-jr: Description for 2024/07/03/disclose-orphan-dos

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.17.2
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
| Orphan transaction CPU tieup
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.21.0
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:15:09Z

Luke-jr: Add 2024/07/03/disclose-timestamp-overflow (needs CVE)

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.18.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.21.0
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=yellow| Varies
| Adjusted time manipulation
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:10:26Z

Luke-jr: Add 2024/07/03/disclose-orphan-dos (needs CVE assignment)

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/ TBD]
| 2024-07-03
| Bitcoin Core/Knots prior to 0.18.0
|bgcolor=yellow| DoS
|bgcolor=pink| Easy
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T03:05:23Z

Luke-jr: Link disclosure of CVE-2020-14198

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| [https://bitcoincore.org/en/2024/07/03/disclose-unbounded-banlist/ CVE-2020-14198]
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T02:37:43Z

Luke-jr: Update CVE-2015-3641

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| [https://bitcoincore.org/en/2024/07/03/disclose_receive_buffer_oom/ CVE-2015-3641]
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| OOM via p2p
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| CVE-2020-14198
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2024-07-04T02:30:25Z

Luke-jr: Add CVE-2015-6031 due to its proximity to Bitcoin node software

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| CVE-2015-3641
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Yet) Unspecified DoS
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| CVE-2015-6031
| 2015-09-15
| MiniUPnPc
|bgcolor=pink| Anything
|bgcolor=yellow| LAN
| Buffer overflow
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| CVE-2020-14198
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Stratum mining protocol

2024-05-29T16:30:06Z

Luke-jr: Use archive link since Braiins killed the doc

The [[stratum]] overlay protocol was extended to support pooled mining as a replacement for obsolete [[Getwork|getwork]] protocol in late 2012.
The mining service specification was initially announced via [[Slush's pool]]'s website<ref>[https://web.archive.org/web/20150307191254/http://mining.bitcoin.cz/stratum-mining Stratum mining protocol specification at slush's pool's website]</ref>.
Shortly thereafter, alternative "cheat sheet" style documentation was provided by [[BTCGuild]]<ref>[https://www.btcguild.com/new_protocol.php Stratum mining protocol cheat sheet at BTCGuild's website]</ref>.
As the extension lacks a formal [[BIP]] describing an official standard, it has further developed only by discussion and implementation<ref>[https://bitcointalk.org/?topic=108533.0 Stratum discussion thread on BitcoinTalk Forum]</ref>.

==Protocol==

===Overview===
[http://mining.bitcoin.cz/stratum-mining/#example See also: Original example on slush's pool site]

===Methods (client to server)===

====mining.authorize====
mining.authorize("username", "password")

The result from an authorize request is usually true (successful), or false.
The password may be omitted if the server does not require passwords.

====mining.capabilities (DRAFT)====
NOTE: This is a draft extension proposal. It is not yet in use, and may change at any moment.

mining.capabilities({"notify":[], "set_difficulty":{}, "set_goal":{}, "suggested_target": "hex target"})

The client may send this to inform the server of its capabilities and options.
The singleton parameter is an Object describing capabilities;
by default, it is considered as {"notify":{}, "set_difficulty":[]}, but as soon as this method is used these must be explicitly included if desired.
The "suggested_target" key may supersede the mining.suggest_target method.

Note that most of the keys do not have any meaningful value at this time, and the values thereof should be ignored (ie, only their presence matters).

====mining.extranonce.subscribe====
mining.extranonce.subscribe()

Indicates to the server that the client supports the mining.set_extranonce method.

====mining.get_transactions====
mining.get_transactions("job id")

Server should send back an array with a hexdump of each transaction in the block specified for the given job id.

====mining.submit====
mining.submit("username", "job id", "ExtraNonce2", "nTime", "nOnce")

Miners submit shares using the method "mining.submit".
Client submissions contain:
# ''Worker Name.''
# ''Job ID.''
# ''ExtraNonce2.''
# ''nTime.''
# ''nOnce.''

Server response is result: true for accepted, false for rejected (or you may get an error with more details).

====mining.subscribe====
mining.subscribe("user agent/version", "extranonce1")

The optional second parameter specifies a mining.notify subscription id the client wishes to resume working with (possibly due to a dropped connection).
If provided, a server MAY (at its option) issue the connection the same extranonce1.
Note that the extranonce1 may be the same (allowing a resumed connection) even if the subscription id is changed!

The client receives a result:
[[["mining.set_difficulty", "subscription id 1"], ["mining.notify", "subscription id 2"]], "extranonce1", extranonce2_size]
The result contains three items:
* ''Subscriptions.'' - An array of 2-item tuples, each with a subscription type and id.
* ''ExtraNonce1.'' - Hex-encoded, per-connection unique string which will be used for creating generation transactions later.
* ''ExtraNonce2_size.'' - The number of bytes that the miner users for its ExtraNonce2 counter.

====mining.suggest_difficulty====
mining.suggest_difficulty(preferred share difficulty Number)

Used to indicate a preference for share difficulty to the pool.
Servers are not required to honour this request, even if they support the stratum method.

====mining.suggest_target====
mining.suggest_target("full hex share target")

Used to indicate a preference for share target to the pool, usually prior to mining.subscribe.
Servers are not required to honour this request, even if they support the stratum method.

===Methods (server to client)===

====client.get_version====
client.get_version()

The client should send a result String with its name and version.

====client.reconnect====
client.reconnect("hostname", port, waittime)

The client should disconnect, wait ''waittime'' seconds (if provided), then connect to the given host/port (which defaults to the current server).
Note that for security purposes, clients may ignore such requests if the destination is not the same or similar.

====client.show_message====
client.show_message("human-readable message")

The client should display the message to its user in some reasonable way.

====mining.notify====
mining.notify(...)

Fields in order:
# ''Job ID.'' This is included when miners submit a results so work can be matched with proper transactions.
# ''Hash of previous block.'' Used to build the header.
# ''Generation transaction (part 1).'' The miner inserts ExtraNonce1 and ExtraNonce2 after this section of the transaction data.
# ''Generation transaction (part 2).'' The miner appends this after the first part of the transaction data and the two ExtraNonce values.
# ''List of merkle branches.'' The generation transaction is hashed against the merkle branches to build the final merkle root.
# ''Bitcoin block version.'' Used in the block header.
# ''nBits.'' The encoded network difficulty. Used in the block header.
# ''nTime.'' The current time. nTime rolling should be supported, but should not increase faster than actual time.
# ''Clean Jobs.'' If true, miners should abort their current work and immediately use the new job, even if it degrades hashrate in the short term. If false, they can still use the current job, but should move to the new one as soon as possible without impacting hashrate.

====mining.set_difficulty====
mining.set_difficulty(difficulty)

The server can adjust the difficulty required for miner shares with the "mining.set_difficulty" method.
The miner should begin enforcing the new difficulty on the next job received.
Some pools may force a new job out when set_difficulty is sent, using clean_jobs to force the miner to begin using the new difficulty immediately.

====mining.set_extranonce====
mining.set_extranonce("extranonce1", extranonce2_size)

These values, when provided, replace the initial subscription values beginning with the next mining.notify job.

====mining.set_goal (DRAFT)====
NOTE: This is a draft extension proposal. It is not yet in use, and may change at any moment.

mining.set_goal("goal name", {"malgo": "SHA256d", ...})

Informs the client that future jobs will be working on a specific named goal, with various parameters (currently only "malgo" is defined as the mining algorithm).
Miners may assume goals with the same name are equivalent, but should recognise parameter changes in case a goal varies its parameters.

==Software support==

Tables showing miner/server support for Stratum mining protocol:
* [[Mining software]]
* [[Poolservers]]

==Criticism==

===Closed development===

The mining extensions have been criticised as having been developed behind closed doors without input from the wider development and mining community, resulting in various obvious problems that could have been addressed had it followed the standard [[BIP]] drafting process<ref>[https://bitcointalk.org/?topic=557991.msg6079772#msg6079772 BitcoinTalk: Criticism of stratum's closed creation]</ref>.

===Displacing GBT===

The mining extensions were announced after the community had spent months developing a mostly superior open standard protocol for mining ([[getblocktemplate]])<ref>[https://bitcointalk.org/?topic=557991.msg6105355#msg6105355 BitcoinTalk: Criticism of stratum displacing GBT]</ref>.
Because stratum's mining extensions launched backed by a major mining pool, GBT adoption suffered, and decentralised mining is often neglected while stratum is deployed.

==References==
<references/>

Stratum mining protocol

2024-05-29T16:26:22Z

Luke-jr: /* mining.notify */ fix

The [[stratum]] overlay protocol was extended to support pooled mining as a replacement for obsolete [[Getwork|getwork]] protocol in late 2012.
The mining service specification was initially announced via [[Slush's pool]]'s website<ref>[http://mining.bitcoin.cz/stratum-mining/ Stratum mining protocol specification at slush's pool's website]</ref>.
Shortly thereafter, alternative "cheat sheet" style documentation was provided by [[BTCGuild]]<ref>[https://www.btcguild.com/new_protocol.php Stratum mining protocol cheat sheet at BTCGuild's website]</ref>.
As the extension lacks a formal [[BIP]] describing an official standard, it has further developed only by discussion and implementation<ref>[https://bitcointalk.org/?topic=108533.0 Stratum discussion thread on BitcoinTalk Forum]</ref>.

==Protocol==

===Overview===
[http://mining.bitcoin.cz/stratum-mining/#example See also: Original example on slush's pool site]

===Methods (client to server)===

====mining.authorize====
mining.authorize("username", "password")

The result from an authorize request is usually true (successful), or false.
The password may be omitted if the server does not require passwords.

====mining.capabilities (DRAFT)====
NOTE: This is a draft extension proposal. It is not yet in use, and may change at any moment.

mining.capabilities({"notify":[], "set_difficulty":{}, "set_goal":{}, "suggested_target": "hex target"})

The client may send this to inform the server of its capabilities and options.
The singleton parameter is an Object describing capabilities;
by default, it is considered as {"notify":{}, "set_difficulty":[]}, but as soon as this method is used these must be explicitly included if desired.
The "suggested_target" key may supersede the mining.suggest_target method.

Note that most of the keys do not have any meaningful value at this time, and the values thereof should be ignored (ie, only their presence matters).

====mining.extranonce.subscribe====
mining.extranonce.subscribe()

Indicates to the server that the client supports the mining.set_extranonce method.

====mining.get_transactions====
mining.get_transactions("job id")

Server should send back an array with a hexdump of each transaction in the block specified for the given job id.

====mining.submit====
mining.submit("username", "job id", "ExtraNonce2", "nTime", "nOnce")

Miners submit shares using the method "mining.submit".
Client submissions contain:
# ''Worker Name.''
# ''Job ID.''
# ''ExtraNonce2.''
# ''nTime.''
# ''nOnce.''

Server response is result: true for accepted, false for rejected (or you may get an error with more details).

====mining.subscribe====
mining.subscribe("user agent/version", "extranonce1")

The optional second parameter specifies a mining.notify subscription id the client wishes to resume working with (possibly due to a dropped connection).
If provided, a server MAY (at its option) issue the connection the same extranonce1.
Note that the extranonce1 may be the same (allowing a resumed connection) even if the subscription id is changed!

The client receives a result:
[[["mining.set_difficulty", "subscription id 1"], ["mining.notify", "subscription id 2"]], "extranonce1", extranonce2_size]
The result contains three items:
* ''Subscriptions.'' - An array of 2-item tuples, each with a subscription type and id.
* ''ExtraNonce1.'' - Hex-encoded, per-connection unique string which will be used for creating generation transactions later.
* ''ExtraNonce2_size.'' - The number of bytes that the miner users for its ExtraNonce2 counter.

====mining.suggest_difficulty====
mining.suggest_difficulty(preferred share difficulty Number)

Used to indicate a preference for share difficulty to the pool.
Servers are not required to honour this request, even if they support the stratum method.

====mining.suggest_target====
mining.suggest_target("full hex share target")

Used to indicate a preference for share target to the pool, usually prior to mining.subscribe.
Servers are not required to honour this request, even if they support the stratum method.

===Methods (server to client)===

====client.get_version====
client.get_version()

The client should send a result String with its name and version.

====client.reconnect====
client.reconnect("hostname", port, waittime)

The client should disconnect, wait ''waittime'' seconds (if provided), then connect to the given host/port (which defaults to the current server).
Note that for security purposes, clients may ignore such requests if the destination is not the same or similar.

====client.show_message====
client.show_message("human-readable message")

The client should display the message to its user in some reasonable way.

====mining.notify====
mining.notify(...)

Fields in order:
# ''Job ID.'' This is included when miners submit a results so work can be matched with proper transactions.
# ''Hash of previous block.'' Used to build the header.
# ''Generation transaction (part 1).'' The miner inserts ExtraNonce1 and ExtraNonce2 after this section of the transaction data.
# ''Generation transaction (part 2).'' The miner appends this after the first part of the transaction data and the two ExtraNonce values.
# ''List of merkle branches.'' The generation transaction is hashed against the merkle branches to build the final merkle root.
# ''Bitcoin block version.'' Used in the block header.
# ''nBits.'' The encoded network difficulty. Used in the block header.
# ''nTime.'' The current time. nTime rolling should be supported, but should not increase faster than actual time.
# ''Clean Jobs.'' If true, miners should abort their current work and immediately use the new job, even if it degrades hashrate in the short term. If false, they can still use the current job, but should move to the new one as soon as possible without impacting hashrate.

====mining.set_difficulty====
mining.set_difficulty(difficulty)

The server can adjust the difficulty required for miner shares with the "mining.set_difficulty" method.
The miner should begin enforcing the new difficulty on the next job received.
Some pools may force a new job out when set_difficulty is sent, using clean_jobs to force the miner to begin using the new difficulty immediately.

====mining.set_extranonce====
mining.set_extranonce("extranonce1", extranonce2_size)

These values, when provided, replace the initial subscription values beginning with the next mining.notify job.

====mining.set_goal (DRAFT)====
NOTE: This is a draft extension proposal. It is not yet in use, and may change at any moment.

mining.set_goal("goal name", {"malgo": "SHA256d", ...})

Informs the client that future jobs will be working on a specific named goal, with various parameters (currently only "malgo" is defined as the mining algorithm).
Miners may assume goals with the same name are equivalent, but should recognise parameter changes in case a goal varies its parameters.

==Software support==

Tables showing miner/server support for Stratum mining protocol:
* [[Mining software]]
* [[Poolservers]]

==Criticism==

===Closed development===

The mining extensions have been criticised as having been developed behind closed doors without input from the wider development and mining community, resulting in various obvious problems that could have been addressed had it followed the standard [[BIP]] drafting process<ref>[https://bitcointalk.org/?topic=557991.msg6079772#msg6079772 BitcoinTalk: Criticism of stratum's closed creation]</ref>.

===Displacing GBT===

The mining extensions were announced after the community had spent months developing a mostly superior open standard protocol for mining ([[getblocktemplate]])<ref>[https://bitcointalk.org/?topic=557991.msg6105355#msg6105355 BitcoinTalk: Criticism of stratum displacing GBT]</ref>.
Because stratum's mining extensions launched backed by a major mining pool, GBT adoption suffered, and decentralised mining is often neglected while stratum is deployed.

==References==
<references/>

Common Vulnerabilities and Exposures

2024-05-01T01:14:40Z

Luke-jr: Add CVE-2024-34149

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| CVE-2015-3641
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Yet) Unspecified DoS
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| CVE-2020-14198
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|-
| [[#CVE-2024-34149|CVE-2024-34149]]
| 2024-03-30
| Bitcoin Core 0.21.1 and newer (not fixed) Bitcoin Knots 0.21.1 - 0.23.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Script size limit not enforced for Tapscript
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

== CVE-2024-34149 ==

Date: 2024-03-30
Summary: Script size limit not enforced for Tapscript

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.21.1 and later || NOT FIXED
|-
| Bitcoin Knots || 0.21.1 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || ?
|-
| libbitcoin || ? || ?
|}

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Genesis block

2024-03-21T15:15:41Z

Luke-jr: Reverted edits by Ihsan3789 (talk) to last revision by Diegorodriguezv

A '''genesis block''' is the first block of a [[block chain]]. Modern versions of Bitcoin number it as '''block 0''', though very early versions counted it as block 1. The genesis block is almost always hardcoded into the software of the applications that utilize its block chain. It is a special case in that it does not reference a previous block, and for [[Bitcoin]] and almost all of its derivatives, it produces an unspendable subsidy.

== Main network genesis block ==
Here is a representation of the genesis block<ref name="block">{{cite block|hash=000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f|0|year=2009|month=01|day=03}}</ref> as it appeared in a comment in an old version of Bitcoin ([http://sourceforge.net/p/bitcoin/code/133/tree/trunk/main.cpp#l1613 line 1613]). The first section defines exactly all of the variables necessary to recreate the block. The second section is the block in standard printblock format, which contains shortened versions of the data in the first section.

GetHash() = 0x000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
hashMerkleRoot = 0x4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b
txNew.vin[0].scriptSig = 486604799 4 0x736B6E616220726F662074756F6C69616220646E6F63657320666F206B6E697262206E6F20726F6C6C65636E61684320393030322F6E614A2F33302073656D695420656854
txNew.vout[0].nValue = 5000000000
txNew.vout[0].scriptPubKey = 0x5F1DF16B2B704C8A578D0BBAF74D385CDE12C11EE50455F3C438EF4C3FBCF649B6DE611FEAE06279A60939E028A8D65C10B73071A6F16719274855FEB0FD8A6704 OP_CHECKSIG
block.nVersion = 1
block.nTime = 1231006505
block.nBits = 0x1d00ffff
block.nNonce = 2083236893

CBlock(hash=000000000019d6, ver=1, hashPrevBlock=00000000000000, hashMerkleRoot=4a5e1e, nTime=1231006505, nBits=1d00ffff, nNonce=2083236893, vtx=1)
CTransaction(hash=4a5e1e, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73)
CTxOut(nValue=50.00000000, scriptPubKey=0x5F1DF16B2B704C8A578D0B)
vMerkleTree: 4a5e1e
===Hash===
The hash of the genesis block, '''000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f''',<ref name="block"/> has two more leading hex zeroes than were required for an early block.

===Coinbase===
[[File:jonny1000thetimes.png|thumb|256px|The Times 03/Jan/2009]]
The [[coinbase]] parameter (seen above in hex) contains, along with the normal data, the following text:<ref>[http://web.archive.org/web/20140309004338/http://uk.reuters.com/article/2009/01/03/idUKPTIP32510920090103 Reuters' reference on The Financial Times article (archive.org cached copy)]</ref>

<blockquote>The Times 03/Jan/2009 Chancellor on brink of second bailout for banks<ref name="block"/></blockquote>

This was probably intended as proof that the block was created on or after January 3, 2009, as well as a comment on the instability caused by fractional-reserve banking. Additionally, it suggests that [[Satoshi Nakamoto]] may have lived in the United Kingdom.<ref>{{cite web|author=Davis, J.|year=2011|title=The Crypto-Currency|publisher=''The New Yorker''|url=http://www.newyorker.com/magazine/2011/10/10/the-crypto-currency}}</ref>

The detail "second bailout for banks" could also suggest that in a supposedly liberal and capitalist system, rescuing banks like that was a problem for Satoshi. The chosen topic could hint at bitcoin's purpose.

===Block reward===
The first 50 BTC block reward went to [[address]] ''1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa'',<ref name="block"/> though this reward can't be spent due to a quirk in the way that the genesis block is expressed in the code. It is not known if this was done intentionally or accidentally.<ref>http://bitcoin.stackexchange.com/questions/10009/why-can-t-the-genesis-block-coinbase-be-spent</ref><ref>https://www.reddit.com/r/Bitcoin/comments/1nc13r/the_first_50btc_block_reward_cant_be_spend_why/</ref><ref>https://github.com/bitcoin/bitcoin/blob/9546a977d354b2ec6cd8455538e68fe4ba343a44/src/main.cpp#L1668 - Genesis block transaction treated as a special case in the reference code</ref> It is believed that other outputs sent to this address are spendable, but it is unknown if Satoshi Nakamoto has the private key for this particular address, if one existed at all.

===Timestamp===
Although the average time between Bitcoin blocks is 10 minutes, the [[block timestamp|timestamp]] of the next block is a full 6 days after the genesis block. One interpretation is that Satoshi was working on bitcoin for some time beforehand and the ''The Times'' front page prompted him to release it to the public. He then mined the genesis block with a timestamp in the past to match the headline. It is also possible that, since the block's hash is so low, he may have spent 6 days mining it with the same timestamp before proceeding to block 1. The [[prenet hypothesis]] suggests that the genesis block was solved on January 3, but the software was tested by Satoshi Nakamoto using that genesis block until January 9, when all the test blocks were deleted and the genesis block was reused for the main network.

===Raw block data===

The [https://bitcointalk.org/index.php?topic=52706 raw hex version] of the Genesis block looks like:
00000000 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000020 00 00 00 00 3B A3 ED FD 7A 7B 12 B2 7A C7 2C 3E ....;£íýz{.²zÇ,>
00000030 67 76 8F 61 7F C8 1B C3 88 8A 51 32 3A 9F B8 AA gv.a.È.ÃˆŠQ2:Ÿ¸ª
00000040 4B 1E 5E 4A 29 AB 5F 49 FF FF 00 1D 1D AC 2B 7C K.^J)«_Iÿÿ...¬+|
00000050 01 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 FF FF FF FF 4D 04 FF FF 00 1D ......ÿÿÿÿM.ÿÿ..
00000080 01 04 45 54 68 65 20 54 69 6D 65 73 20 30 33 2F ..EThe Times 03/
00000090 4A 61 6E 2F 32 30 30 39 20 43 68 61 6E 63 65 6C Jan/2009 Chancel
000000A0 6C 6F 72 20 6F 6E 20 62 72 69 6E 6B 20 6F 66 20 lor on brink of
000000B0 73 65 63 6F 6E 64 20 62 61 69 6C 6F 75 74 20 66 second bailout f
000000C0 6F 72 20 62 61 6E 6B 73 FF FF FF FF 01 00 F2 05 or banksÿÿÿÿ..ò.
000000D0 2A 01 00 00 00 43 41 04 67 8A FD B0 FE 55 48 27 *....CA.gŠý°þUH'
000000E0 19 67 F1 A6 71 30 B7 10 5C D6 A8 28 E0 39 09 A6 .gñ¦q0·.\Ö¨(à9.¦
000000F0 79 62 E0 EA 1F 61 DE B6 49 F6 BC 3F 4C EF 38 C4 ybàê.aÞ¶Iö¼?Lï8Ä
00000100 F3 55 04 E5 1E C1 12 DE 5C 38 4D F7 BA 0B 8D 57 óU.å.Á.Þ\8M÷º..W
00000110 8A 4C 70 2B 6B F1 1D 5F AC 00 00 00 00 ŠLp+kñ._¬....

Broken down it looks like this:

01000000 - version
0000000000000000000000000000000000000000000000000000000000000000 - prev block
3BA3EDFD7A7B12B27AC72C3E67768F617FC81BC3888A51323A9FB8AA4B1E5E4A - merkle root
29AB5F49 - timestamp
FFFF001D - bits
1DAC2B7C - nonce
01 - number of transactions
01000000 - version
01 - input
0000000000000000000000000000000000000000000000000000000000000000FFFFFFFF - prev output
4D - script length
04FFFF001D0104455468652054696D65732030332F4A616E2F32303039204368616E63656C6C6F72206F6E206272696E6B206F66207365636F6E64206261696C6F757420666F722062616E6B73 - scriptsig
FFFFFFFF - sequence
01 - outputs
00F2052A01000000 - 50 BTC
43 - pk_script length
4104678AFDB0FE5548271967F1A67130B7105CD6A828E03909A67962E0EA1F61DEB649F6BC3F4CEF38C4F35504E51EC112DE5C384DF7BA0B8D578A4C702B6BF11D5FAC - pk_script
00000000 - lock time
==References==
<references/>

[[zh-cn:创世block]]
[[es:Bloque Génesis]]
__NOTOC__

[[Category:Technical]]

Wladimir van der Laan

2023-12-30T17:52:54Z

Luke-jr:

{{infobox person
|name=Wladimir van der Laan
|names=Wlad, laanwj
|active=2011–present
|residence=Eindhoven, The Netherlands
|knownfor=Contributions to [[Bitcoin Core]]
|notableworks=[[Visucore]]
|twitter=orionwl
}}'''Wladimir J. van der Laan''' is the current [[Core maintainer|maintainer]] of [[Bitcoin Core]].

On April 7, 2014, [[Gavin Andresen]] stepped down from the position of Core maintainer and nominated Laan as his successor.<ref>{{cite web|title=Bitcoin Core Maintainer: Wladimir van der Laan|work=[[Bitcoin Foundation]]|date=7 April 2014|url=https://bitcoinfoundation.org/2014/04/bitcoin-core-maintainer-wladimir-van-der-laan/|author=[[Gavin Andresen|Andresen, Gavin]]|accessdate=19 September 2014}}</ref>

On January 21st, 2021, Wlad announced that he would be delegating his tasks.<ref>[https://laanwj.github.io/2021/01/21/decentralize.html The Widening Gyre on Lannwj's blog]</ref>

Wladimir gradualy stepped down in the following 2 years. On February 2023 Wladimir removed his own merge privileges. <ref>[https://github.com/bitcoin/bitcoin/pull/27054 Bitcoin Core pull request #27054]</ref>

==References==
<references/>
{{s-start|Bitcoin [[Core maintainer]]|[[Gavin Andresen]]|2014–2022|No more "lead maintainer"}}
{{developers}}{{stub}}
[[Category:Core committers]]
[[Category:Core developers]]

Transaction broadcasting

2023-12-30T17:51:55Z

Luke-jr: Reverted edits by Bitlabs (talk) to last revision by BitTools

{{seealso|Satoshi Client Transaction Exchange}}

==See Also==

* [[Transaction accelerator]]

Third party sites to (re-)submit a raw, signed transaction to the network; sometimes referred to as "pushtx":

* https://bitaps.com/broadcast
* https://btc.network/broadcast
* https://blockchair.com/broadcast
* https://live.blockcypher.com/btc/pushtx/
* https://btc.com/tools/tx/publish
* https://www.viabtc.com/tools/broadcast
* https://www.blockchain.com/explorer/assets/btc/broadcast-transaction
* https://blockstream.info/tx/push
* https://coinb.in/#broadcast

==Footnotes==
[[Category:Developer]]

Transaction accelerator

2023-12-30T17:49:56Z

Luke-jr: Reverted edits by Bitlabs (talk) to last revision by BitTools

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, The Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-12-10T16:26:00Z

Luke-jr:

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Comparison of mining pools

2023-12-10T16:24:34Z

Luke-jr: Reverted edits by Luke-jr (talk) to last revision by Alejandrobitcoin

Reward types & explanation:
* '''CPPSRB''' - Capped Pay Per Share with Recent Backpay. [http://eligius.st/wiki/index.php/Capped_PPS_with_Recent_Backpay]
* '''DGM''' - Double Geometric Method. A hybrid between PPLNS and Geometric reward types that enables to operator to absorb some of the variance risk. Operator receives portion of payout on short rounds and returns it on longer rounds to normalize payments. [https://bitcointalk.org/index.php?topic=39497.0]
* '''ESMPPS''' - Equalized Shared Maximum Pay Per Share. Like SMPPS, but equalizes payments fairly among all those who are owed. [http://bitcointalk.org/index.php?topic=12181.msg378851#msg378851]
* '''POT''' - Pay On Target. A high variance PPS variant that pays on the difficulty of work returned to pool rather than the difficulty of work served by pool [https://bitcointalk.org/index.php?topic=131376.0]
* '''PPLNS''' - Pay Per Last N Shares. Similar to proportional, but instead of looking at the number of shares in the round, instead looks at the last N shares, regardless of round boundaries.
* '''PPLNSG''' - Pay Per Last N Groups (or shifts). Similar to PPLNS, but shares are grouped into "shifts" which are paid as a whole.
* '''PPS''' - Pay Per Share. Each submitted share is worth certain amount of BTC. Since finding a block requires <current difficulty> shares ''on average'', a PPS method with 0% fee would be 6.25 BTC divided by <current difficulty>. It is risky for pool operators, hence the fee is highest.
* '''Prop.''' - Proportional. When block is found, the reward is distributed among all workers proportionally to how much shares each of them has found.
* '''RSMPPS''' - Recent Shared Maximum Pay Per Share. Like SMPPS, but system aims to prioritize the most recent miners first. [http://eligius.st/wiki/index.php/Shared_Maximum_PPS]
* '''Score''' - Score based system: a proportional reward, but weighed by time submitted. Each submitted share is worth more in the function of time ''t'' since start of current round. For each share score is updated by: score += exp(t/C). This makes later shares worth much more than earlier shares, thus the miner's score quickly diminishes when they stop mining on the pool. Rewards are calculated proportionally to scores (and not to shares). (at slush's pool C=300 seconds, and every hour scores are normalized)
* '''SMPPS''' - Shared Maximum Pay Per Share. Like Pay Per Share, but never pays more than the pool earns. [http://eligius.st/wiki/index.php/Shared_Maximum_PPS]
* '''FPPS''' - Full Pay Per Share. Similar to PPS，but not only divide regular block reward (6.25 BTC for now) but also some of the transaction fees. Calculate a standard transaction fee within a certain period and distribute it to miners according to their hash power contributions in the pool. It will increase the miners' earnings by sharing some of the transaction fees.
* '''TIDES''' - Transparent Index of Distinct Extended Shares. As blocks are being mined, they generate the reward by a weighted percentage of effort to the most recently found proofs. The proof period funds are distributed across has been chosen such that each proof should be paid on average 8 times. Instead of a set amount of bitcoins per proof, the block reward is divided by percent, so transaction fees are included.

A statistically valid analysis of some pools and their payout methods: [http://organofcorti.blogspot.com/ Bitcoin network and pool analysis]

== Operational Pools ==

The following mining pools are still running and paying out their users:

{| class="wikitable sortable" border="1"
|-
! Name !! Location !! Size<ref name="hashrate2"/>
! Merged Mining<ref name="merged"/>
! Reward Type !! Transaction fees!!PPS Fee!!Other Fee!! [[File:Stm.png|link=Stratum_mining_protocol]] !! [[getblocktemplate|GBT]]
! Launched !! Variance !! Forum !! Website
|-
| [[AntPool]] || China || Large || No || PPLNS & PPS || {{PoolFees}} || 2.5% || 0% || {{Yes}} || {{No}}
| ? || ? || [https://bitcointalk.org/index.php?topic=855548 link] || [https://www.antpool.com/ link]
|-
| [[BTC.com]] || {{flag|cn}}{{flag|us|}}{{flag|eu}} || Medium || [[NMC]] || FPPS || {{SharedFees}} || 0% || 4% || {{Yes}} || {{No}}
| 2016-09-13 || User || [https://bitcointalk.org/index.php?topic=1827718.0 link] || [https://pool.btc.com/ link]
|-
| [[DEMAND]] || Global || Small || No || SOLO || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2023-11-27 || || [https://bitcointalk.org/index.php?topic=5476679.0 link] || [http://DMND.WORK link]
|-
| [[F2Pool]] || {{flag|us|}}{{flag|eu|}}{{flag|cn|}} || Large || NMC, SYS, EMC || PPS+ || {{SharedFees}} || 2.5% || 0% || {{Yes}} || {{No}}
| 2013-05-05 || Dynamic || [https://bitcointalk.org/index.php?topic=700411.0 link] || [https://www.f2pool.com link]
|-
| [[Golden Nonce Pool]] || {{flag|us}}{{flag|eu}}|| Small || No || DGM || {{PoolFees}} || || 0% || {{Yes}} ||
| 2018-03-27 || Dynamic || [https://bitcointalk.org/index.php?topic=3208073;all link] || [https://goldennoncepool.com link]
|-
| [[KanoPool]] || {{flag|us}}{{flag|sg}}{{flag|de}}{{flag|jp}}{{flag|nl}} || Medium || No || PPLNSG || {{SharedFees}} || || 0.9% || {{Yes}} || {{No}}
| 2014-09-20 || User<ref name="changeable"/>/Dynamic 18SPM || [https://bitcointalk.org/index.php?topic=789369.0 link] || [http://www.kano.is link]
|-
| [[P2Pool]] || Global (p2p) || Small || Merged mining can be done on a "solo mining" basis <ref name="solomm"/> || PPLNS || {{SharedFees}} || || | 0% || {{Yes}} || {{No}}
| 2011-06-17 || User<ref name="changeable"/> || [http://bitcointalk.org/?topic=18313 link] ||
|-
|-
| [[Poolin]] || Global || Medium ||[[NMC]] VCASH || FPPS || {{SharedFees}} || 2.5% || 0% || {{Yes}} || {{Yes}}
| 2017-10-01 || Dynamic || [https://bitcointalk.org/index.php?topic=5169994.0 link] || [https://poolin.com/ link]
|-
| [[SBICrypto Pool]] || Global || Medium || No || FPPS || {{SharedFees}} || 0% || 0% || {{Yes}} || {{Yes}}
| 2020-11-03 || User<ref name="changeable"/>/Dynamic || || [https://sbicrypto.com/ link]
|-
| [[Slush Pool]]
| Global || Medium || [[NMC]] || Score || {{SharedFees}} || || 2% || {{Yes}} || {{No}}
| 2010-11-27 || User<ref name="changeable"/> || [http://bitcointalk.org/?topic=1976 link] || [https://slushpool.com/ link]
|-
| [[Luxor]] || {{flag|us|label=1}}|| Medium || No || FPPS & PPS || {{SharedFees}} || 2% || 0% || {{Yes}} ||
| 2018-01-01 || VarDiff || || [https://mining.luxor.tech// link]
|-
| [[OCEAN]] || {{flag|us|label=1}}|| Small || No || TIDES || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2011-04-27 || Dynamic || || [http://ocean.xyz link]
|-
|}

== Defunct Pools ==

The following pools were once operational but have since shut down. They are listed for historical purposes only.

{| class="wikitable sortable" border="1"
|-
! Name !! Location !! Size<ref name="hashrate2"/>
! Merged Mining<ref name="merged"/>
! Reward Type !! Transaction fees!!PPS Fee!!Other Fee!! [[File:Stm.png|link=Stratum_mining_protocol]] !! [[getblocktemplate|GBT]]
! Launched !! Variance !! Forum !! Website
|-
| [[BCMonster.com]] ||{{flag|us|}}{{flag|eu}}{{flag|cn|}} || Small || No || PPLNS || {{SharedFees}} || || 0.5% || {{Yes}} || {{No}}
| 2016-01-13 || Dynamic || [https://bitcointalk.org/index.php?topic=1327077.0 link] || [http://www.bcmonster.com link]
|-
| [[BitcoinAffiliateNetwork]] || {{flag|us|}}{{flag|eu}}{{flag|cn|}}{{flag|nl|}}{{flag|au|}} || ? || [[NMC]] || ? || {{PoolFees}} || ? || ? || {{Yes}} ||
| 2014-07-15 || User/Dynamic || [https://bitcointalk.org/index.php?topic=722202.0 link] || [http://mining.bitcoinaffiliatenetwork.com/ link]
|-
| [[BitMinter]] || {{flag|us}}{{flag|ca|label=1}}{{flag|eu}} || Small || [[NMC]] || PPLNSG || {{SharedFees}} || || 1% || {{Yes}} || {{No}}
| 2011-06-26 || User<ref name="changeable"/>/Dynamic || [https://bitcointalk.org/?topic=788753 link] || [https://bitminter.com link]
|-
| [[BTCDig]] || {{flag|us|label=1}}|| Small || No || DGM || {{PoolFees}} || || 0% || {{Yes}} ||
| 2013-07-04 || User<ref name="changeable"/>/Dynamic 20SPM || [https://bitcointalk.org/index.php?topic=249627 link] || [http://btcdig.com/ link]
|-
| [[btcmp.com]] || {{flag|de|label=1}}|| Small || No || PPS || {{PoolFees}} || 4% || || {{Yes}} ||
| 2011-06-28 || Diff 1 || || [http://www.btcmp.com/ link]
|-
| [[BTCC Pool]] || China, Japan || Large || [[NMC]] || PPS || {{PoolFees}} || 2.0% || 0% || {{Yes}} || {{Yes}}
| 2014-10-21 || Dynamic || ? || [https://pool.btcc.com link]
|-
| [[btcZPool.com]] || {{flag|us|label=1}}|| Large || BitCoinZ || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-06-25 || VarDiff || || [http://www.btcZPool.com/ link]
|-
|-
| [[BW Mining]] || China || Medium || ? || PPLNS & PPS || ? || ? || ? || {{Yes}} ||
| ? || ? || ? || [https://www.bw.com/pool link]
|-
| [[Eligius]] || {{flag|us|label=1}}|| Small || [[NMC]] || CPPSRB || {{SharedFees}} || || 0% || {{Yes}} || {{Yes}}
| 2011-04-27 || Dynamic: 32 shares/m || [https://bitcointalk.org/?topic=441465 link] || [http://eligius.st link]
|-
| [[EMCD Pool]] || CIS, EU, KZ, IR, China || Medium || - || FPPS+ || {{SharedFees}} || 1% || 0% || {{Yes}} || {{No}}
| 2018-01-26 || Dynamic || || [https://pool.emcd.io link]
|-
| [[GHash.IO]] || {{flag|nl|label=1}}|| Small || [[NMC]], IXC, [[Devcoin]] || PPLNS || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2013-07-01 || User<ref name="changeable"/> || [https://support.cex.io link] || [https://ghash.io/ link]
|-
| [[Give Me COINS]] || {{flag|us}}{{flag|eu}} || Small || [[NMC]] || PPLNS || {{SharedFees}} || || 0%|| {{Yes}} || {{Yes}}
| 2013-08-12 || Dynamic || [https://bitcointalk.org/index.php?topic=272017.0 link] || [http://give-me-coins.com link]
|-
| [[Jonny Bravo's Mining Emporium]] ||{{flag|us|}}{{flag|eu}} || Small || No || PPLNS || {{SharedFees}} || || 0.5% || {{Yes}} || {{No}}
| 2015-11-19 || Dynamic || [https://bitcointalk.org/index.php?topic=1330452.0 link] || [http://www.bravo-mining.com link]
|-
| [[kmdPool.org]] || {{flag|us|label=1}}|| Large || Komodo || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-11-25 || VarDiff || || [http://www.kmdPool.org/ link]
|-
| [[MergeMining]] || Global || Small || CRW, DVC, HUC, I0C, IXC, XMY/MYR, NMC, SYS, UNO, TRC, ARG, EMC || PPLNS || {{SharedFees}} || || 1% || {{Yes}} || {{No}}
| 2016-12-01|| User<ref name="changeable"/> || || [https://mergemining.com link]
|-
| [[Multipool]] || {{flag|us}}{{flag|eu}} || Small || [[NMC]] || Score || {{SharedFees}} || || 1.5% || {{Yes}} || {{No}}
| 2012-03-15 || User || [https://bitcointalk.org/index.php?topic=311067.0 link] || [https://www.multipool.us/ link]
|-
| [[ZenPool.org]] || {{flag|us|label=1}}|| Large || ZenCash || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-10-25 || VarDiff || || [http://www.ZenPool.org/ link]
|-
|}

== SPV Mining / Old Bitcoin Core ==

The following pools are known or strongly suspected to be mining on top of blocks before fully validating them with Bitcoin Core 0.9.5 or later. Miners doing this have already lost over $50,000 USD during the 4 July 2015 fork and have created a situation where small numbers of confirmations are much less useful than they normally are.

* BTC Nuggets
* [https://www.f2pool.com/ F2Pool]<ref name="spv_despite_incident">[https://bitcointalk.org/index.php?topic=700411.msg11790734#msg11790734 Intention to continue SPV mining], Wang Chun, 4 July 2015</ref>
* AntPool<ref name="spv_despite_incident" />

The following pools are believed to be currently fully validating blocks with Bitcoin Core 0.9.5 or later (0.10.2 or later recommended due to DoS vulnerabilities):

* [[BitMinter]]
* BTC China (described as SPV mining<ref name="spv_despite_incident" />, but they're performing effective valiation)
* [[BTC Public Mining Pool]]
* [[CKPool]]
* [[Eligius]]
* [[Golden Nonce Pool]]
* [[P2Pool]]
* [[Bitcoin Pooled Mining|Slush Pool]]
* [[BCMonster.com]]
* [[Jonny Bravo's Mining Emporium]]

== References ==

<references>

<ref name="hashrate2">Note that pool hashrate is largely irrelevant but can be seen as a popularity measurement. It is a theoretical security issue if one pool gains above 50% of the total computational power of the network, thus consider joining a pool based on other metrics. The pool's total hash rate is very dynamic on most pools. Over time, as the network grows, so does most pool's hash rates. The displayed values are the pool's relative sizes based on the network: Small: less than 2%, Medium: 2%-10% Large: greater than 10% of the network.</ref>

<ref name="merged">Merged mining allows miners to mine on multiple [[block chains]] at the same time with the same hashing.</ref>

<ref name="changeable">The difficulty of the shares can be changed by the user.</ref>
<ref name="solomm">Merged mining can be done on a "solo mining" basis (payouts in the merged chain are not pooled).</ref>
</references>

== See also ==
* [[Pooled mining]]
* [https://www.blocktrail.com/BTC/pools Pool Distribution Summary]
* [https://www.bitcoinmining.com/ Bitcoin Mining]
* [https://www.youtube.com/watch?v=GmOzih6I1zs Video: What is Bitcoin Mining]
* [https://www.bitcoinmining.com/bitcoin-mining-pools/ Bitcoin Mining Pools]
* [https://bitcoinchain.com/pools Bitcoin Mining Pools Comparison]
[[Category:Mining]]
{{Pools}}

DEMAND

2023-12-10T16:24:23Z

Luke-jr: Reverted edits by Luke-jr (talk) to last revision by Alejandrobitcoin

{{infobox company|
|founder= Alejandro De La Torre, CEO Co-Founder
Filippo Merli, Technical Lead, Co-Founder
|foundation= 2023
|industry=[[Mining Pool]]
|website=https://www.DMND.WORK}}
[https://WWW.DMND.WORK DEMAND] is the first Stratum V2, bitcoin [[Mining Pool|mining pool]]. Both Solo and Pooled mining available.

==External Links==

* Website: https://www.DMND.WORK/

[[Category:Services]]

DEMAND

2023-12-10T16:24:15Z

Luke-jr: Pools are not solo

{{infobox company|
|founder= Alejandro De La Torre, CEO Co-Founder
Filippo Merli, Technical Lead, Co-Founder
|foundation= 2023
|industry=[[Mining Pool]]
|website=https://www.DMND.WORK}}
[https://WWW.DMND.WORK DEMAND] is the first Stratum V2, bitcoin [[Mining Pool|mining pool]].

==External Links==

* Website: https://www.DMND.WORK/

[[Category:Services]]

Comparison of mining pools

2023-12-10T16:24:00Z

Luke-jr: Pools are not solo

Reward types & explanation:
* '''CPPSRB''' - Capped Pay Per Share with Recent Backpay. [http://eligius.st/wiki/index.php/Capped_PPS_with_Recent_Backpay]
* '''DGM''' - Double Geometric Method. A hybrid between PPLNS and Geometric reward types that enables to operator to absorb some of the variance risk. Operator receives portion of payout on short rounds and returns it on longer rounds to normalize payments. [https://bitcointalk.org/index.php?topic=39497.0]
* '''ESMPPS''' - Equalized Shared Maximum Pay Per Share. Like SMPPS, but equalizes payments fairly among all those who are owed. [http://bitcointalk.org/index.php?topic=12181.msg378851#msg378851]
* '''POT''' - Pay On Target. A high variance PPS variant that pays on the difficulty of work returned to pool rather than the difficulty of work served by pool [https://bitcointalk.org/index.php?topic=131376.0]
* '''PPLNS''' - Pay Per Last N Shares. Similar to proportional, but instead of looking at the number of shares in the round, instead looks at the last N shares, regardless of round boundaries.
* '''PPLNSG''' - Pay Per Last N Groups (or shifts). Similar to PPLNS, but shares are grouped into "shifts" which are paid as a whole.
* '''PPS''' - Pay Per Share. Each submitted share is worth certain amount of BTC. Since finding a block requires <current difficulty> shares ''on average'', a PPS method with 0% fee would be 6.25 BTC divided by <current difficulty>. It is risky for pool operators, hence the fee is highest.
* '''Prop.''' - Proportional. When block is found, the reward is distributed among all workers proportionally to how much shares each of them has found.
* '''RSMPPS''' - Recent Shared Maximum Pay Per Share. Like SMPPS, but system aims to prioritize the most recent miners first. [http://eligius.st/wiki/index.php/Shared_Maximum_PPS]
* '''Score''' - Score based system: a proportional reward, but weighed by time submitted. Each submitted share is worth more in the function of time ''t'' since start of current round. For each share score is updated by: score += exp(t/C). This makes later shares worth much more than earlier shares, thus the miner's score quickly diminishes when they stop mining on the pool. Rewards are calculated proportionally to scores (and not to shares). (at slush's pool C=300 seconds, and every hour scores are normalized)
* '''SMPPS''' - Shared Maximum Pay Per Share. Like Pay Per Share, but never pays more than the pool earns. [http://eligius.st/wiki/index.php/Shared_Maximum_PPS]
* '''FPPS''' - Full Pay Per Share. Similar to PPS，but not only divide regular block reward (6.25 BTC for now) but also some of the transaction fees. Calculate a standard transaction fee within a certain period and distribute it to miners according to their hash power contributions in the pool. It will increase the miners' earnings by sharing some of the transaction fees.
* '''TIDES''' - Transparent Index of Distinct Extended Shares. As blocks are being mined, they generate the reward by a weighted percentage of effort to the most recently found proofs. The proof period funds are distributed across has been chosen such that each proof should be paid on average 8 times. Instead of a set amount of bitcoins per proof, the block reward is divided by percent, so transaction fees are included.

A statistically valid analysis of some pools and their payout methods: [http://organofcorti.blogspot.com/ Bitcoin network and pool analysis]

== Operational Pools ==

The following mining pools are still running and paying out their users:

{| class="wikitable sortable" border="1"
|-
! Name !! Location !! Size<ref name="hashrate2"/>
! Merged Mining<ref name="merged"/>
! Reward Type !! Transaction fees!!PPS Fee!!Other Fee!! [[File:Stm.png|link=Stratum_mining_protocol]] !! [[getblocktemplate|GBT]]
! Launched !! Variance !! Forum !! Website
|-
| [[AntPool]] || China || Large || No || PPLNS & PPS || {{PoolFees}} || 2.5% || 0% || {{Yes}} || {{No}}
| ? || ? || [https://bitcointalk.org/index.php?topic=855548 link] || [https://www.antpool.com/ link]
|-
| [[BTC.com]] || {{flag|cn}}{{flag|us|}}{{flag|eu}} || Medium || [[NMC]] || FPPS || {{SharedFees}} || 0% || 4% || {{Yes}} || {{No}}
| 2016-09-13 || User || [https://bitcointalk.org/index.php?topic=1827718.0 link] || [https://pool.btc.com/ link]
|-
| [[DEMAND]] || Global || Small || No || || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2023-11-27 || || [https://bitcointalk.org/index.php?topic=5476679.0 link] || [http://DMND.WORK link]
|-
| [[F2Pool]] || {{flag|us|}}{{flag|eu|}}{{flag|cn|}} || Large || NMC, SYS, EMC || PPS+ || {{SharedFees}} || 2.5% || 0% || {{Yes}} || {{No}}
| 2013-05-05 || Dynamic || [https://bitcointalk.org/index.php?topic=700411.0 link] || [https://www.f2pool.com link]
|-
| [[Golden Nonce Pool]] || {{flag|us}}{{flag|eu}}|| Small || No || DGM || {{PoolFees}} || || 0% || {{Yes}} ||
| 2018-03-27 || Dynamic || [https://bitcointalk.org/index.php?topic=3208073;all link] || [https://goldennoncepool.com link]
|-
| [[KanoPool]] || {{flag|us}}{{flag|sg}}{{flag|de}}{{flag|jp}}{{flag|nl}} || Medium || No || PPLNSG || {{SharedFees}} || || 0.9% || {{Yes}} || {{No}}
| 2014-09-20 || User<ref name="changeable"/>/Dynamic 18SPM || [https://bitcointalk.org/index.php?topic=789369.0 link] || [http://www.kano.is link]
|-
| [[P2Pool]] || Global (p2p) || Small || Merged mining can be done on a "solo mining" basis <ref name="solomm"/> || PPLNS || {{SharedFees}} || || | 0% || {{Yes}} || {{No}}
| 2011-06-17 || User<ref name="changeable"/> || [http://bitcointalk.org/?topic=18313 link] ||
|-
|-
| [[Poolin]] || Global || Medium ||[[NMC]] VCASH || FPPS || {{SharedFees}} || 2.5% || 0% || {{Yes}} || {{Yes}}
| 2017-10-01 || Dynamic || [https://bitcointalk.org/index.php?topic=5169994.0 link] || [https://poolin.com/ link]
|-
| [[SBICrypto Pool]] || Global || Medium || No || FPPS || {{SharedFees}} || 0% || 0% || {{Yes}} || {{Yes}}
| 2020-11-03 || User<ref name="changeable"/>/Dynamic || || [https://sbicrypto.com/ link]
|-
| [[Slush Pool]]
| Global || Medium || [[NMC]] || Score || {{SharedFees}} || || 2% || {{Yes}} || {{No}}
| 2010-11-27 || User<ref name="changeable"/> || [http://bitcointalk.org/?topic=1976 link] || [https://slushpool.com/ link]
|-
| [[Luxor]] || {{flag|us|label=1}}|| Medium || No || FPPS & PPS || {{SharedFees}} || 2% || 0% || {{Yes}} ||
| 2018-01-01 || VarDiff || || [https://mining.luxor.tech// link]
|-
| [[OCEAN]] || {{flag|us|label=1}}|| Small || No || TIDES || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2011-04-27 || Dynamic || || [http://ocean.xyz link]
|-
|}

== Defunct Pools ==

The following pools were once operational but have since shut down. They are listed for historical purposes only.

{| class="wikitable sortable" border="1"
|-
! Name !! Location !! Size<ref name="hashrate2"/>
! Merged Mining<ref name="merged"/>
! Reward Type !! Transaction fees!!PPS Fee!!Other Fee!! [[File:Stm.png|link=Stratum_mining_protocol]] !! [[getblocktemplate|GBT]]
! Launched !! Variance !! Forum !! Website
|-
| [[BCMonster.com]] ||{{flag|us|}}{{flag|eu}}{{flag|cn|}} || Small || No || PPLNS || {{SharedFees}} || || 0.5% || {{Yes}} || {{No}}
| 2016-01-13 || Dynamic || [https://bitcointalk.org/index.php?topic=1327077.0 link] || [http://www.bcmonster.com link]
|-
| [[BitcoinAffiliateNetwork]] || {{flag|us|}}{{flag|eu}}{{flag|cn|}}{{flag|nl|}}{{flag|au|}} || ? || [[NMC]] || ? || {{PoolFees}} || ? || ? || {{Yes}} ||
| 2014-07-15 || User/Dynamic || [https://bitcointalk.org/index.php?topic=722202.0 link] || [http://mining.bitcoinaffiliatenetwork.com/ link]
|-
| [[BitMinter]] || {{flag|us}}{{flag|ca|label=1}}{{flag|eu}} || Small || [[NMC]] || PPLNSG || {{SharedFees}} || || 1% || {{Yes}} || {{No}}
| 2011-06-26 || User<ref name="changeable"/>/Dynamic || [https://bitcointalk.org/?topic=788753 link] || [https://bitminter.com link]
|-
| [[BTCDig]] || {{flag|us|label=1}}|| Small || No || DGM || {{PoolFees}} || || 0% || {{Yes}} ||
| 2013-07-04 || User<ref name="changeable"/>/Dynamic 20SPM || [https://bitcointalk.org/index.php?topic=249627 link] || [http://btcdig.com/ link]
|-
| [[btcmp.com]] || {{flag|de|label=1}}|| Small || No || PPS || {{PoolFees}} || 4% || || {{Yes}} ||
| 2011-06-28 || Diff 1 || || [http://www.btcmp.com/ link]
|-
| [[BTCC Pool]] || China, Japan || Large || [[NMC]] || PPS || {{PoolFees}} || 2.0% || 0% || {{Yes}} || {{Yes}}
| 2014-10-21 || Dynamic || ? || [https://pool.btcc.com link]
|-
| [[btcZPool.com]] || {{flag|us|label=1}}|| Large || BitCoinZ || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-06-25 || VarDiff || || [http://www.btcZPool.com/ link]
|-
|-
| [[BW Mining]] || China || Medium || ? || PPLNS & PPS || ? || ? || ? || {{Yes}} ||
| ? || ? || ? || [https://www.bw.com/pool link]
|-
| [[Eligius]] || {{flag|us|label=1}}|| Small || [[NMC]] || CPPSRB || {{SharedFees}} || || 0% || {{Yes}} || {{Yes}}
| 2011-04-27 || Dynamic: 32 shares/m || [https://bitcointalk.org/?topic=441465 link] || [http://eligius.st link]
|-
| [[EMCD Pool]] || CIS, EU, KZ, IR, China || Medium || - || FPPS+ || {{SharedFees}} || 1% || 0% || {{Yes}} || {{No}}
| 2018-01-26 || Dynamic || || [https://pool.emcd.io link]
|-
| [[GHash.IO]] || {{flag|nl|label=1}}|| Small || [[NMC]], IXC, [[Devcoin]] || PPLNS || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2013-07-01 || User<ref name="changeable"/> || [https://support.cex.io link] || [https://ghash.io/ link]
|-
| [[Give Me COINS]] || {{flag|us}}{{flag|eu}} || Small || [[NMC]] || PPLNS || {{SharedFees}} || || 0%|| {{Yes}} || {{Yes}}
| 2013-08-12 || Dynamic || [https://bitcointalk.org/index.php?topic=272017.0 link] || [http://give-me-coins.com link]
|-
| [[Jonny Bravo's Mining Emporium]] ||{{flag|us|}}{{flag|eu}} || Small || No || PPLNS || {{SharedFees}} || || 0.5% || {{Yes}} || {{No}}
| 2015-11-19 || Dynamic || [https://bitcointalk.org/index.php?topic=1330452.0 link] || [http://www.bravo-mining.com link]
|-
| [[kmdPool.org]] || {{flag|us|label=1}}|| Large || Komodo || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-11-25 || VarDiff || || [http://www.kmdPool.org/ link]
|-
| [[MergeMining]] || Global || Small || CRW, DVC, HUC, I0C, IXC, XMY/MYR, NMC, SYS, UNO, TRC, ARG, EMC || PPLNS || {{SharedFees}} || || 1% || {{Yes}} || {{No}}
| 2016-12-01|| User<ref name="changeable"/> || || [https://mergemining.com link]
|-
| [[Multipool]] || {{flag|us}}{{flag|eu}} || Small || [[NMC]] || Score || {{SharedFees}} || || 1.5% || {{Yes}} || {{No}}
| 2012-03-15 || User || [https://bitcointalk.org/index.php?topic=311067.0 link] || [https://www.multipool.us/ link]
|-
| [[ZenPool.org]] || {{flag|us|label=1}}|| Large || ZenCash || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-10-25 || VarDiff || || [http://www.ZenPool.org/ link]
|-
|}

== SPV Mining / Old Bitcoin Core ==

The following pools are known or strongly suspected to be mining on top of blocks before fully validating them with Bitcoin Core 0.9.5 or later. Miners doing this have already lost over $50,000 USD during the 4 July 2015 fork and have created a situation where small numbers of confirmations are much less useful than they normally are.

* BTC Nuggets
* [https://www.f2pool.com/ F2Pool]<ref name="spv_despite_incident">[https://bitcointalk.org/index.php?topic=700411.msg11790734#msg11790734 Intention to continue SPV mining], Wang Chun, 4 July 2015</ref>
* AntPool<ref name="spv_despite_incident" />

The following pools are believed to be currently fully validating blocks with Bitcoin Core 0.9.5 or later (0.10.2 or later recommended due to DoS vulnerabilities):

* [[BitMinter]]
* BTC China (described as SPV mining<ref name="spv_despite_incident" />, but they're performing effective valiation)
* [[BTC Public Mining Pool]]
* [[CKPool]]
* [[Eligius]]
* [[Golden Nonce Pool]]
* [[P2Pool]]
* [[Bitcoin Pooled Mining|Slush Pool]]
* [[BCMonster.com]]
* [[Jonny Bravo's Mining Emporium]]

== References ==

<references>

<ref name="hashrate2">Note that pool hashrate is largely irrelevant but can be seen as a popularity measurement. It is a theoretical security issue if one pool gains above 50% of the total computational power of the network, thus consider joining a pool based on other metrics. The pool's total hash rate is very dynamic on most pools. Over time, as the network grows, so does most pool's hash rates. The displayed values are the pool's relative sizes based on the network: Small: less than 2%, Medium: 2%-10% Large: greater than 10% of the network.</ref>

<ref name="merged">Merged mining allows miners to mine on multiple [[block chains]] at the same time with the same hashing.</ref>

<ref name="changeable">The difficulty of the shares can be changed by the user.</ref>
<ref name="solomm">Merged mining can be done on a "solo mining" basis (payouts in the merged chain are not pooled).</ref>
</references>

== See also ==
* [[Pooled mining]]
* [https://www.blocktrail.com/BTC/pools Pool Distribution Summary]
* [https://www.bitcoinmining.com/ Bitcoin Mining]
* [https://www.youtube.com/watch?v=GmOzih6I1zs Video: What is Bitcoin Mining]
* [https://www.bitcoinmining.com/bitcoin-mining-pools/ Bitcoin Mining Pools]
* [https://bitcoinchain.com/pools Bitcoin Mining Pools Comparison]
[[Category:Mining]]
{{Pools}}

Common Vulnerabilities and Exposures

2023-12-10T02:50:20Z

Luke-jr:

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| CVE-2015-3641
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Yet) Unspecified DoS
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| CVE-2020-14198
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| [[#CVE-2023-50428|CVE-2023-50428]]
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Common Vulnerabilities and Exposures

2023-12-10T02:49:56Z

Luke-jr: Add CVE-2023-50428

{| class="wikitable"
!style="width:16ex"| CVE
! Announced !! Affects !! Severity !! Attack is... !! Flaw !! Net
|-
| Pre-BIP protocol changes
| n/a
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| [[Consensus versions|Various hardforks and softforks]]
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5137|CVE-2010-5137]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS">Attacker can disable some functionality, for example by crashing clients</ref>
|bgcolor=pink| Easy
| OP_LSHIFT crash
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5141|CVE-2010-5141]]
| 2010-07-28
| wxBitcoin and bitcoind
|bgcolor=pink| Theft<ref name="Theft">Attacker can take coins outside known network rules</ref>
|bgcolor=pink| Easy
| OP_RETURN could be used to spend any output.
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5138|CVE-2010-5138]]
| 2010-07-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Unlimited SigOp DoS
|bgcolor=lime| 100%
|-
| '''[[CVE-2010-5139]]'''
| 2010-08-15
| wxBitcoin and bitcoind
|bgcolor=pink| Inflation<ref name="inflation">Attacker can create coins outside known network rules</ref>
|bgcolor=pink| Easy
| Combined output overflow
|bgcolor=lime| 100%
|-
| [[#CVE-2010-5140|CVE-2010-5140]]
| 2010-09-29
| wxBitcoin and bitcoind
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Never confirming transactions
|bgcolor=lime| 100%
|-
| [[#CVE-2011-4447|CVE-2011-4447]]
| 2011-11-11
| wxBitcoin and bitcoind
|bgcolor=pink| Exposure<ref name="Exposure">Attacker can access user data outside known acceptable methods</ref>
|bgcolor=lime| Hard
| Wallet non-encryption
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2011-4447.html 100%]
|-
| [[#CVE-2012-1909|CVE-2012-1909]]
| 2012-03-07
| Bitcoin protocol and all clients
|bgcolor=pink| Netsplit<ref name="Netsplit">Attacker can create multiple views of the network, enabling [[double-spending]] with over 1 confirmation</ref>
|bgcolor=lime| Very hard
| Transaction overwriting
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1909.html 100%]
|-
| [[#CVE-2012-1910|CVE-2012-1910]]
| 2012-03-17
| bitcoind & Bitcoin-Qt for Windows
|bgcolor=pink| Unknown<ref name="Unknown">Extent of possible abuse is unknown</ref>
|bgcolor=lime| Hard
| Non-thread safe MingW exceptions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-1910.html 100%]
|-
| [[#BIP-0016|BIP 0016]]
| 2012-04-01
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: P2SH
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0016.html 100%]
|-
| [[#CVE-2012-2459|CVE-2012-2459]]
| 2012-05-14
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Easy
| Block hash collision (via merkle root)
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-2459.html 100%]

|-
| '''[[CVE-2012-3789]]'''
| 2012-06-20
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Lack of) orphan txn resource limits
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20123789 100%]
|-
| [[#CVE-2012-4682|CVE-2012-4682]]
|
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|
|
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4682.html 100%]
|-
| '''[[CVE-2012-4683]]'''
| 2012-08-23
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Targeted DoS by CPU exhaustion using alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/CVE-2012-4683.html 100%]
|-
| '''[[CVE-2012-4684]]'''
| 2012-08-24
| bitcoind and Bitcoin-Qt
| bgcolor=yellow| DoS<ref name="DoS"/>
| bgcolor=pink| Easy
| Network-wide DoS using malleable signatures in alerts
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20124684 100%]
|-
| [[#CVE-2013-2272|CVE-2013-2272]]
| 2013-01-11
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| Exposure<ref name="Exposure"/>
|bgcolor=pink| Easy
| Remote discovery of node's wallet addresses
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132272 99.99%]
|-
| [[#CVE-2013-2273|CVE-2013-2273]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=lime| Exposure<ref name="Exposure"/>
|bgcolor=yellow| Easy
| Predictable change output
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132273 99.99%]
|-
| [[#CVE-2013-2292|CVE-2013-2292]]
| 2013-01-30
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=lime| Hard
| A transaction that takes at least 3 minutes to verify
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132292 0%]
|-
| '''[[CVE-2013-2293]]'''
| 2013-02-14
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Continuous hard disk seek
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20132293 99.99%]
|-
| [[#CVE-2013-3219|CVE-2013-3219]]
| 2013-03-11
| bitcoind and Bitcoin-Qt 0.8.0
|bgcolor=pink| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Unenforced block protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133219 100%]
|-
| [[#CVE-2013-3220|CVE-2013-3220]]
| 2013-03-11
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=lime| Hard
| Inconsistent BDB lock limit interactions
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20133220 99.99%]
|-
| [[#BIP-0034|BIP 0034]]
| 2013-03-25
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf"/>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Height in coinbase
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/BIP-0034.html 100%]
|-
| [[#BIP-0050|BIP 0050]]
| 2013-05-15
| All Bitcoin clients
|bgcolor=pink| Netsplit<ref name="Netsplit"/>
|bgcolor=pink| Implicit<ref name="hardfork">This is a protocol "hard-fork" that old clients will reject as invalid and must therefore not be used.</ref>
| Hard fork to remove txid limit protocol rule
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?50 99.99%]
|-
| [[#CVE-2013-4627|CVE-2013-4627]]
| 2013-06-??
| bitcoind and Bitcoin-Qt
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=yellow| Easy
| Memory exhaustion with excess tx message data
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134627 99%]
|-
| [[#CVE-2013-4165|CVE-2013-4165]]
| 2013-07-20
| bitcoind and Bitcoin-Qt
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| Timing leak in RPC authentication
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20134165 99%]
|-
| [[#CVE-2013-5700|CVE-2013-5700]]
| 2013-09-04
| bitcoind and Bitcoin-Qt 0.8.x
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote p2p crash via bloom filters
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99%]
|-
| [[#CVE-2014-0160|CVE-2014-0160]]
| 2014-04-07
| Anything using OpenSSL for TLS
|bgcolor=pink| Unknown<ref name="Unknown"/>
|bgcolor=pink| Easy
| Remote memory leak via payment protocol
| Unknown
|-
| CVE-2015-3641
| 2014-07-07
| bitcoind and Bitcoin-Qt prior to 0.10.2
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| (Yet) Unspecified DoS
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20135700 99.9%]
|-
| BIP 66
| 2015-02-13
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Strict DER signatures
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?66 99%]
|-
| BIP 65
| 2015-11-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: OP_CHECKLOCKTIMEVERIFY
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?65 99%]
|-
| BIPs 68, 112 & 113
| 2016-04-11
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softforks: Rel locktime, CSV & MTP locktime
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?68 99%]
|-
| BIPs 141, 143 & 147
| 2016-10-27
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?141 99%]
|-
| [[#CVE-2016-8889|CVE-2016-8889]]
| 2016-10-27
| Bitcoin Knots GUI 0.11.0 - 0.13.0
|bgcolor=yellow| Exposure
|bgcolor=lime| Hard
| Debug console history storing sensitive info
|bgcolor=lime| 100%
|-
| CVE-2017-9230
| ?
| Bitcoin
| ?
| ?
| ASICBoost
|bgcolor=pink| 0%
|-
| BIP 148
| 2017-03-12
| All Bitcoin clients
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Segwit UASF
| ?
|-
| [[#CVE-2017-12842|CVE-2017-12842]]
| 2018-06-09
|
|
|
| No commitment to block merkle tree depth
|
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10724]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Alert memory exhaustion
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html CVE-2016-10725]
| 2018-07-02
| bitcoind and Bitcoin-Qt prior to 0.13.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Keyholders<ref name="KeyholderEasy">Attacking requires signing with the publicly-disclosed alert key</ref>
| Final alert cancellation
|bgcolor=lime| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201610724 99%]
|-
| [[#CVE-2018-17144|CVE-2018-17144]]
| 2018-09-17
| bitcoind and Bitcoin-Qt prior to 0.16.3
|bgcolor=pink| Inflation<ref name="inflation"/>
|bgcolor=yellow| Miners<ref name="MinerEasy"/>
| Missing check for duplicate inputs
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817144 80%]
|-
| [https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b CVE-2018-20587]
| 2019-02-08
| Bitcoin Knots prior to 0.17.1, and all current Bitcoin Core releases
|bgcolor=pink| Theft<ref name="theft-local-timing">Local attacker could potentially determine the RPC passphrase via a timing sidechannel.</ref>
|bgcolor=lime| Local
| No alert for RPC service binding failure
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820587 <1%]
|-
| [[#CVE-2017-18350|CVE-2017-18350]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.15.1
|bgcolor=pink| Unknown
|bgcolor=pink| Varies<ref>Depends on software configuration</ref>
| Buffer overflow from SOCKS proxy
|bgcolor=yellow| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201718350 94%]
|-
| [[#CVE-2018-20586|CVE-2018-20586]]
| 2019-06-22
| bitcoind and Bitcoin-Qt prior to 0.17.1
|bgcolor=lime| Deception
|bgcolor=lime| RPC access
| Debug log injection via unauthenticated RPC
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201820586 77%]
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12998]
| 2019-08-30
| c-lightning prior to 0.7.1
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-12999]
| 2019-08-30
| lnd prior to 0.7
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO amount
|-
| [https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html CVE-2019-13000]
| 2019-08-30
| eclair prior to 0.3
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing check of channel funding UTXO
|-
| [[#CVE-2020-14199|CVE-2020-14199]]
| 2020-06-03
| Trezor and others
|bgcolor=pink| Theft
|bgcolor=lime| Social<ref>User must be tricked into cooperating (social engineering)</ref>
| Double-signing can enable unintended fees
|-
| [https://invdos.net/ CVE-2018-17145]
| 2020-09-09
| Bitcoin Core prior to 0.16.2 Bitcoin Knots prior to 0.16.1 Bcoin prior to 1.0.2 Btcd prior to 0.21.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| p2p memory blow-up
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?201817145 87%]
|-
| [[#CVE-2020-26895|CVE-2020-26895]]
| 2020-10-08
| lnd prior to 0.10
|bgcolor=pink| Theft
|bgcolor=pink| Easy
| Missing low-S normalization for HTLC signatures
|-
| [[#CVE-2020-26896|CVE-2020-26896]]
| 2020-10-08
| lnd prior to 0.11
|bgcolor=pink| Theft
|bgcolor=yellow | Varies<ref>Depends on node configuration, only affects routable merchants, requires external knowledge of receiver's invoices and/or luck to identify receiver, only works against single-shot HTLCs (legacy or MPP)</ref>
| Invoice preimage extraction via forwarded HTLC
|-
| CVE-2020-14198
|
| Bitcoin Core 0.20.0
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Remote DoS
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?202014198 93%]
|-
| [[#CVE-2021-3401|CVE-2021-3401]]
| 2021-02-01
| Bitcoin Core GUI prior to 0.19.0 Bitcoin Knots GUI prior to 0.18.1
|bgcolor=pink| Theft
|bgcolor=lime| Hard
| Qt5 remote execution
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?20213401 64%]
|-
| [[#CVE-2021-31876|CVE-2021-31876]]
| 2021-05-06
| Various wallets
|
|
|
|-
| CVE-2021-41591
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41592
| 2021-10-04
| Lightning software
|
|
|
|-
| CVE-2021-41593
| 2021-10-04
| Lightning software
|
|
|
|-
| BIPs 341-343
| 2021-11-13
| All Bitcoin nodes
|bgcolor=yellow| Fake Conf<ref name="FakeConf">Attacker can double-spend with 1 confirmation</ref>
|bgcolor=yellow| Miners<ref name="MinerEasy">Attacking requires mining block(s)</ref>
| Softfork: Taproot
|bgcolor=pink| [http://luke.dashjr.org/programs/bitcoin/files/charts/security.html?343 57%]
|-
| [https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355 CVE-2022-31246]
| 2022-06-07
| Electrum 2.1 until before 4.2.2
|bgcolor=pink| Theft
|bgcolor=lime| Social
|
|-
| CVE-2023-50428
| 2023
| All Bitcoin nodes
|bgcolor=yellow| DoS<ref name="DoS"/>
|bgcolor=pink| Easy
| Bypass of datacarriersize limit using OP_FALSE,OP_IF
|
|}

<references/>

__NOTOC__

== CVE-2010-5137 ==

Date: 2010-07-28
Summary: OP_LSHIFT crash
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One caused bitcoin to crash on some machines when processing a transaction containing an OP_LSHIFT. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5137 US-CERT/NIST]

== CVE-2010-5141 ==

Date: 2010-07-28
Summary: ?
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.4 || 0.3.5
|}

On July 28 2010, two bugs were discovered and demonstrated on the test network. One exploited a bug in the transaction handling code and allowed an attacker to spend coins that they did not own. This was never exploited on the main network, and was fixed by Bitcoin version 0.3.5.

After these bugs were discovered, many currently-unused script words were disabled for safety.

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5141 US-CERT/NIST]

== CVE-2010-5138 ==

Date: 2010-07-29
Summary: Unlimited SigOp DoS
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.? || 0.3.?
|}

On July 29 2010, it was discovered that block [http://blockexplorer.com/block/00000000000997f9fd2fe1ee376293ef8c42ad09193a5d2086dddf8e5c426b56 71036] contained several transactions with a ton of OP_CHECKSIG commands. There should only ever be one such command. This caused every node to do extra unnecessary work, and it could have been used as a denial-of-service attack. A new version of Bitcoin was quickly released. The new version did not cause a fork on the main network, though it did cause one on the test network (where someone had played around with the attack more).

=== References ===
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5138 US-CERT/NIST]

== CVE-2010-5139 ==
{{main|CVE-2010-5139}}
Date: 2010-08-15
Summary: Combined output overflow
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.10 || 0.3.11
|}

On August 15 2010, it was [http://bitcointalk.org/index.php?topic=822.0 discovered] that block 74638 contained a transaction that created over 184 billion bitcoins for two different addresses. This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. A new version was published within a few hours of the discovery. The block chain had to be forked. Although many unpatched nodes continued to build on the "bad" block chain, the "good" block chain overtook it at a block height of 74691. The bad transaction no longer exists for people using the longest chain.

The block and transaction:
<pre>CBlock(hash=0000000000790ab3, ver=1, hashPrevBlock=0000000000606865, hashMerkleRoot=618eba,
nTime=1281891957, nBits=1c00800e, nNonce=28192719, vtx=2)
CTransaction(hash=012cd8, ver=1, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(000000, -1), coinbase 040e80001c028f00)
CTxOut(nValue=50.51000000, scriptPubKey=0x4F4BA55D1580F8C3A8A2C7)
CTransaction(hash=1d5e51, ver=1, vin.size=1, vout.size=2, nLockTime=0)
CTxIn(COutPoint(237fe8, 0), scriptSig=0xA87C02384E1F184B79C6AC)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0xB7A7)
CTxOut(nValue=92233720368.54275808, scriptPubKey=OP_DUP OP_HASH160 0x1512)
vMerkleTree: 012cd8 1d5e51 618eba

Block hash: 0000000000790ab3f22ec756ad43b6ab569abf0bddeb97c67a6f7b1470a7ec1c
Transaction hash: 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9</pre>

=== References ===
* [https://bitcointalk.org/index.php?topic=822.0 Discovery]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139 US-CERT/NIST]

== CVE-2010-5140 ==

Date: 2010-09-29
Summary: Never confirming transactions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || * - 0.3.12 || 0.3.13
|}

Around September 29, 2010, people started [https://bitcointalk.org/index.php?topic=1306.0 reporting] that their sent transactions would not confirm. This happened because people modified Bitcoin to send sub-0.01 transactions without any fees. A 0.01 fee was at that time required by the network for such transactions (essentially prohibiting them), so the transactions remained at 0 confirmations forever. This became a more serious issue because Bitcoin would send transactions using bitcoins gotten from transactions with 0 confirmations, and these resulting transactions would also never confirm. Because Bitcoin tends to prefer sending smaller coins, these invalid transactions quickly multiplied, contaminating the wallets of everyone who received them.

Bitcoin was changed to only select coins with at least 1 confirmation. The remaining sub-0.01 transactions were cleared by generators who modified their version of Bitcoin to not require the micropayment fee. It took a while for everything to get cleared, though, because many of the intermediate transactions had been forgotten by the network by this point and had to be rebroadcast by the original senders.

=== References ===
* [https://bitcointalk.org/index.php?topic=1306.0 Initial reports]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5140 US-CERT/NIST]

== CVE-2011-4447 ==

Date: 2011-11-11
Summary: Wallet non-encryption
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind wxBitcoin || 0.4.0 - 0.4.1rc6 || 0.4.1 0.5.0
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=51604.0 Announcement]
* [https://bitcointalk.org/index.php?topic=51474.0 Finding]
* [http://bitcoin.org/releases/2011/11/21/v0.5.0.html 0.5.0]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4447 US-CERT/NIST]

== CVE-2012-1909 ==

Date: 2012-03-07
Summary: Transaction overwriting
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin protocol || Before March 15th, 2012 || BIP 30
|-
| Bitcoin-Qt bitcoind || * - 0.4.4rc2 0.5.0rc1 - 0.5.0.4rc2 0.5.1rc1 - 0.5.3rc2 0.6.0rc1 - 0.6.0rc2 || 0.4.4 0.5.0.4 0.5.3 0.6.0rc3
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=67738.0 Announcement]
* [https://en.bitcoin.it/wiki/BIP_0030 Fix]
* [https://bugs.gentoo.org/show_bug.cgi?id=407793 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1909 US-CERT/NIST]

== CVE-2012-1910 ==

Date: 2012-03-17
Summary: Non-thread safe MingW exceptions
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| bitcoind for Windows Bitcoin-Qt for Windows || 0.5.0rc1 - 0.5.0.4 0.5.1rc1 - 0.5.3.0 0.6.0rc1 - 0.6.0rc3 || 0.5.0.5 0.5.3.1 0.5.4 0.6.0rc4
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=69120.0 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1910 US-CERT/NIST]
* [http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html Full disclosure]

== BIP-0016 ==

Date: 2012-04-01
Summary: Mandatory P2SH protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.4 0.5.0rc1 - 0.5.0.5 0.5.1rc1 - 0.5.3 0.6.0rc1 || 0.4.5 0.5.0.6 0.5.4rc1 0.6.0rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0016]]

== CVE-2012-2459 ==

Date: 2012-05-14
Summary: Block hash collision (via merkle tree)
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.6rc1 0.5.0rc1 - 0.5.5rc1 0.6.0rc1 - 0.6.0.7rc1 0.6.1rc1 - 0.6.1rc1 || 0.4.6 0.5.5 0.6.0.7 0.6.1rc2
|}

Block hash collisions can easily be made by duplicating transactions in the merkle tree.
Such a collision is invalid, but if recorded (as Bitcoin-Qt and bitcoind prior to 0.6.1 did) would prevent acceptance of the legitimate block with the same hash.
This could be used to fork the blockchain, including deep double-spend attacks.

=== References ===
* [https://bitcointalk.org/?topic=81749 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=415973 Gentoo bug tracker]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2459 US-CERT/NIST]
* [https://bitcointalk.org/?topic=102395 Full Disclosure]

== CVE-2012-3789 ==
{{main|CVE-2012-3789}}
Date: 2012-06-20
Summary: (Lack of) orphan txn resource limits
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-3789]]
* [https://bitcointalk.org/?topic=88734 0.6.3rc1 Announcement]
* [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3789 US-CERT/NIST]

== CVE-2012-4682 ==

Date:
Summary:
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.4.7rc3 0.5.6rc3 0.6.0.9rc1 0.6.3rc1
|}

=== References ===
* [[CVE-2012-4682]]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4683 ==
{{main|CVE-2012-4683}}
Date: 2012-08-23
Summary: Targeted DoS by CPU exhaustion using alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 || 0.7.0
|}

=== References ===
* [[CVE-2012-4683]]
* [https://bitcointalk.org/index.php?topic=148038.0 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=435216 Gentoo bug]

== CVE-2012-4684 ==
{{main|CVE-2012-4684}}
Date: 2012-08-24
Summary: Network-wide DoS using malleable signatures in alerts
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7rc2 0.5.0rc1 - 0.5.6rc2 0.6.0rc1 - 0.6.0.8rc2 0.6.1rc1 - 0.6.2.2 - 0.6.3rc1 || 0.7.0
|}

=== References ===
* [[CVE-2012-4684]]
* [https://bitcointalk.org/index.php?topic=148109.0 Announcement]

== CVE-2013-2272 ==

Date: 2013-01-11
Summary: Remote discovery of node's wallet addresses
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bitcointalk.org/?topic=135856 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2273 ==

Date: 2013-01-30
Summary: Predictable change output
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.8rc4 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.10rc4 0.6.1rc1 - 0.6.4rc4 0.7.0rc1 - 0.7.2 || 0.4.9rc1 0.5.8rc1 0.6.0.11rc1 0.6.5rc1 0.7.3rc1
|}

=== References ===

* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2292 ==

Date: 2013-01-30
Summary: A transaction that takes at least 3 minutes to verify
Fix Deployment: 0%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || All versions || No fix yet
|}

=== References ===
* [[CVE-2013-2292]]
* [https://bitcointalk.org/?topic=140078 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-2293 ==
{{main|CVE-2013-2293}}
Date: 2013-02-14
Summary: Continuous hard disk seek
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.7.3rc1 || No fix yet (0.8.0 unaffected)
|}

=== References ===

* [[CVE-2013-2293]]
* [https://bitcointalk.org/?topic=144122 Announcement]
* [https://bugs.gentoo.org/show_bug.cgi?id=462046 Gentoo bug]

== CVE-2013-3219 ==

Date: 2013-03-11
Summary: Unenforced block protocol rule
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.0 || 0.8.1
|}

=== References ===
* [[BIP 0050|BIP 50]]

== CVE-2013-3220 ==

Date: 2013-03-11
Summary: Inconsistent BDB lock limit interactions
Fix Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050|BIP 50]]

== BIP-0034 ==

Date: 2013-03-25
Summary: Mandatory block protocol update
Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.7 0.5.0rc1 - 0.5.7 0.6.0rc1 - 0.6.0.9 0.6.1rc1 - 0.6.3 || 0.4.8rc1 0.5.7rc1 0.6.0.10rc1 0.6.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0034]]

== BIP-0050 ==

Date: 2013-05-15
Summary: Hard fork to remove txid limit protocol rule
Deployment: 99.99%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc1 0.5.0rc1 - 0.5.8rc1 0.6.0rc1 - 0.6.5rc1 0.7.0rc1 - 0.7.3rc1 || 0.4.9rc2 0.5.8rc2 0.6.5rc2 0.7.3rc2
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [[BIP 0050]]

== CVE-2013-4627 ==

Date: 2013-06-??
Summary: Memory exhaustion with excess tx message data
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4
|-
| wxBitcoin || ALL || NONE
|}

=== References ===

== CVE-2013-4165 ==

Date: 2013-07-20
Summary: Timing leak in RPC authentication
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || * - 0.4.9rc3 0.5.0rc1 - 0.5.8rc3 0.6.0rc1 - 0.6.5rc3 0.7.0rc1 - 0.7.3rc3 0.8.0rc1 - 0.8.3 || 0.4.9rc4 0.5.8rc4 0.6.5rc4 0.7.3rc4 0.8.4rc1
|-
| wxBitcoin || ALL || NONE
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/issues/2838 The initial bug report]

== CVE-2013-5700 ==

Date: 2013-09-04
Summary: Remote p2p crash via bloom filters
Fix Deployment: 99.9%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.8.0rc1 - 0.8.3 || 0.8.4rc1
|}

=== References ===
* [https://bitcointalk.org/index.php?topic=287351 Bitcoin-Qt 0.8.4 release notes]
* [https://github.com/bitcoin/bitcoin/commit/37c6389c5a0ca63ae3573440ecdfe95d28ad8f07 The fix]
* [https://github.com/bitcoin/bitcoin/pull/18515 An added test]

== CVE-2016-8889 ==

Date: 2016-10-27
Summary: Debug console history storing sensitive info
Fix Deployment: 100%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Knots GUI || 0.11.0 - 0.13.0 || 0.13.1
|}

=== References ===
* [https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md Bitcoin Knots 0.16.1.knots20161027 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2016-8889 US-CERT/NIST]

== CVE-2017-12842 ==

Date: 2018-06-09
Summary: No commitment to block merkle tree depth

=== References ===
* [https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/ Explanation by Sergio Demian Lerner]
* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html Further elaboration by Suhas Daftuar]

== CVE-2017-18350 ==

Date: 2019-06-22
Summary: Buffer overflow from SOCKS proxy
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.7.0rc1 - 0.15.0 || 0.15.1rc1
|}

=== References ===
* [https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5 Disclosure of details]

== CVE-2018-17144 ==

Date: 2018-09-17
Summary: Missing check for duplicate inputs
Fix Deployment: 31%
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.14.0rc1 - 0.14.2 0.15.0rc1 - 0.15.1 0.16.0rc1 - 0.16.2 || 0.14.3 0.15.2 0.16.3
|}

=== References ===
* [https://bitcoincore.org/en/2018/09/20/notice/ Full disclosure by Bitcoin Core]
* [https://bitcoincore.org/en/2018/09/18/release-0.16.3/ Bitcoin Core 0.16.3 release notes]
* [https://github.com/bitcoinknots/bitcoin/blob/v0.16.3.knots20180918/doc/release-notes.md Bitcoin Knots 0.16.3.knots20180918 release notes]
* [https://nvd.nist.gov/vuln/detail/CVE-2018-17144 US-CERT/NIST]
* [https://bugs.gentoo.org/show_bug.cgi?id=666669 Gentoo bug]

== CVE-2018-20586 ==

Date: 2019-06-22
Summary: Debug log injection via unauthenticated RPC
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin-Qt bitcoind || 0.12.0rc1 - 0.17.0 || 0.17.1rc1
|}

== CVE-2020-14199 ==

Date: 2020-06-03
Summary: Double-signing can enable unintended fees
{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Trezor One || || 1.9.1
|-
| Trezor Model T || || 2.3.1
|-
| ???
|}

=== References ===
* [https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd Disclosure of details by Trezor team]

== CVE-2020-26895 ==

Date: 2020-10-08
Summary: Missing low-S normalization for HTLC signatures.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.10.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002858.html CVE-2020-26895: LND Low-S Tx-Relay Standardness]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002856.html Full Disclosure: Full Disclosure: CVE-2020-26895 LND "Hodl my Shitsig"]

== CVE-2020-26896 ==

Date: 2020-10-08
Summary: Invoice preimage extraction via forwarded HTLC.

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| lnd || || 0.11.0
|}

=== References ===
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html CVE-2020-26896: LND Invoice Preimage Extraction]
* [https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002855.html Full Disclosure: CVE-2020-26896 LND "The (un)covert channel"]

== CVE-2021-3401 ==

Date: 2021-02-01
Summary: Qt5 remote execution

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core GUI || || 0.19.0
|-
| Bitcoin Knots GUI || || 0.18.1
|}

== CVE-2021-31876 ==

Date: 2021-05-06

=== References ===

* [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html Full Disclosure: CVE-2021-31876 Defect in Bitcoin Core's bip125 logic]

=== References ===
* [https://achow101.com/2021/02/0.18-uri-vuln URI Argument Injection Vulnerability in Bitcoin Core 0.18 and Earlier]

==Definitions==

A critical vulnerability is one that will have disastrous consequences if it is exploited. A serious vulnerability is one that will have serious consequences if it is exploited<ref>[http://bitcointalk.org/index.php?topic=88892.0 http://bitcointalk.org/index.php?topic=88892.0]</ref>.

==See Also==

* [[Changelog]]
* https://blog.bitmex.com/bitcoins-consensus-forks/

== CVE-2023-50428 ==

Date: 2023
Summary: Bypass of datacarriersize limit using OP_FALSE,OP_IF

{| class='wikitable'
!colspan='2'| Affected !! Fix
|-
| Bitcoin Core || 0.9 and later || NOT FIXED
|-
| Bitcoin Knots || 0.9 - 23.0 || 25.1.knots20231115
|-
| btcd || ? || NOT FIXED
|-
| libbitcoin || ? || NOT FIXED
|}

==References==
<references />

[[Category:Security]]

{{Bitcoin Core documentation}}

Comparison of mining pools

2023-12-02T04:22:46Z

Luke-jr: Add OCEAN and TIDES

Reward types & explanation:
* '''CPPSRB''' - Capped Pay Per Share with Recent Backpay. [http://eligius.st/wiki/index.php/Capped_PPS_with_Recent_Backpay]
* '''DGM''' - Double Geometric Method. A hybrid between PPLNS and Geometric reward types that enables to operator to absorb some of the variance risk. Operator receives portion of payout on short rounds and returns it on longer rounds to normalize payments. [https://bitcointalk.org/index.php?topic=39497.0]
* '''ESMPPS''' - Equalized Shared Maximum Pay Per Share. Like SMPPS, but equalizes payments fairly among all those who are owed. [http://bitcointalk.org/index.php?topic=12181.msg378851#msg378851]
* '''POT''' - Pay On Target. A high variance PPS variant that pays on the difficulty of work returned to pool rather than the difficulty of work served by pool [https://bitcointalk.org/index.php?topic=131376.0]
* '''PPLNS''' - Pay Per Last N Shares. Similar to proportional, but instead of looking at the number of shares in the round, instead looks at the last N shares, regardless of round boundaries.
* '''PPLNSG''' - Pay Per Last N Groups (or shifts). Similar to PPLNS, but shares are grouped into "shifts" which are paid as a whole.
* '''PPS''' - Pay Per Share. Each submitted share is worth certain amount of BTC. Since finding a block requires <current difficulty> shares ''on average'', a PPS method with 0% fee would be 6.25 BTC divided by <current difficulty>. It is risky for pool operators, hence the fee is highest.
* '''Prop.''' - Proportional. When block is found, the reward is distributed among all workers proportionally to how much shares each of them has found.
* '''RSMPPS''' - Recent Shared Maximum Pay Per Share. Like SMPPS, but system aims to prioritize the most recent miners first. [http://eligius.st/wiki/index.php/Shared_Maximum_PPS]
* '''Score''' - Score based system: a proportional reward, but weighed by time submitted. Each submitted share is worth more in the function of time ''t'' since start of current round. For each share score is updated by: score += exp(t/C). This makes later shares worth much more than earlier shares, thus the miner's score quickly diminishes when they stop mining on the pool. Rewards are calculated proportionally to scores (and not to shares). (at slush's pool C=300 seconds, and every hour scores are normalized)
* '''SMPPS''' - Shared Maximum Pay Per Share. Like Pay Per Share, but never pays more than the pool earns. [http://eligius.st/wiki/index.php/Shared_Maximum_PPS]
* '''FPPS''' - Full Pay Per Share. Similar to PPS，but not only divide regular block reward (6.25 BTC for now) but also some of the transaction fees. Calculate a standard transaction fee within a certain period and distribute it to miners according to their hash power contributions in the pool. It will increase the miners' earnings by sharing some of the transaction fees.
* '''TIDES''' - Transparent Index of Distinct Extended Shares. As blocks are being mined, they generate the reward by a weighted percentage of effort to the most recently found proofs. The proof period funds are distributed across has been chosen such that each proof should be paid on average 8 times. Instead of a set amount of bitcoins per proof, the block reward is divided by percent, so transaction fees are included.

A statistically valid analysis of some pools and their payout methods: [http://organofcorti.blogspot.com/ Bitcoin network and pool analysis]

== Operational Pools ==

The following mining pools are still running and paying out their users:

{| class="wikitable sortable" border="1"
|-
! Name !! Location !! Size<ref name="hashrate2"/>
! Merged Mining<ref name="merged"/>
! Reward Type !! Transaction fees!!PPS Fee!!Other Fee!! [[File:Stm.png|link=Stratum_mining_protocol]] !! [[getblocktemplate|GBT]]
! Launched !! Variance !! Forum !! Website
|-
| [[AntPool]] || China || Large || No || PPLNS & PPS || {{PoolFees}} || 2.5% || 0% || {{Yes}} || {{No}}
| ? || ? || [https://bitcointalk.org/index.php?topic=855548 link] || [https://www.antpool.com/ link]
|-
| [[BCMonster.com]] ||{{flag|us|}}{{flag|eu}}{{flag|cn|}} || Small || No || PPLNS || {{SharedFees}} || || 0.5% || {{Yes}} || {{No}}
| 2016-01-13 || Dynamic || [https://bitcointalk.org/index.php?topic=1327077.0 link] || [http://www.bcmonster.com link]
|-
| [[BTC.com]] || {{flag|cn}}{{flag|us|}}{{flag|eu}} || Medium || [[NMC]] || FPPS || {{SharedFees}} || 0% || 4% || {{Yes}} || {{No}}
| 2016-09-13 || User || [https://bitcointalk.org/index.php?topic=1827718.0 link] || [https://pool.btc.com/ link]
|-
| [[BTCC Pool]] || China, Japan || Large || [[NMC]] || PPS || {{PoolFees}} || 2.0% || 0% || {{Yes}} || {{Yes}}
| 2014-10-21 || Dynamic || ? || [https://pool.btcc.com link]
|-
| [[BW Mining]] || China || Medium || ? || PPLNS & PPS || ? || ? || ? || {{Yes}} ||
| ? || ? || ? || [https://www.bw.com/pool link]
|-
| [[F2Pool]] || {{flag|us|}}{{flag|eu|}}{{flag|cn|}} || Large || NMC, SYS, EMC || PPS+ || {{SharedFees}} || 2.5% || 0% || {{Yes}} || {{No}}
| 2013-05-05 || Dynamic || [https://bitcointalk.org/index.php?topic=700411.0 link] || [https://www.f2pool.com link]
|-
| [[Golden Nonce Pool]] || {{flag|us}}{{flag|eu}}|| Small || No || DGM || {{PoolFees}} || || 0% || {{Yes}} ||
| 2018-03-27 || Dynamic || [https://bitcointalk.org/index.php?topic=3208073;all link] || [https://goldennoncepool.com link]
|-
| [[KanoPool]] || {{flag|us}}{{flag|sg}}{{flag|de}}{{flag|jp}}{{flag|nl}} || Medium || No || PPLNSG || {{SharedFees}} || || 0.9% || {{Yes}} || {{No}}
| 2014-09-20 || User<ref name="changeable"/>/Dynamic 18SPM || [https://bitcointalk.org/index.php?topic=789369.0 link] || [http://www.kano.is link]
|-
| [[Merge Mining Pool]] || {{flag|us|label=1}}|| Small || [[NMC]], IXC, [[Devcoin]]
| DGM || {{SharedFees}} || || 1.5% || {{Yes}} || {{No}}
| 2012-01-08 || User<ref name="changeable"/> || [http://bitcointalk.org/?topic=57148 link] || [http://mmpool.org link]
|-
| [[P2Pool]] || Global (p2p) || Small || Merged mining can be done on a "solo mining" basis <ref name="solomm"/> || PPLNS || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2011-06-17 || User<ref name="changeable"/> || [http://bitcointalk.org/?topic=18313 link] ||
|-
|-
| [[Poolin]] || Global || Large ||[[NMC]] VCASH || FPPS || {{SharedFees}} || 2.5% || 0% || {{Yes}} || {{Yes}}
| 2017-10-01 || Dynamic || [https://bitcointalk.org/index.php?topic=5169994.0 link] || [https://poolin.com/ link]
|-
| [[SBICrypto Pool]] || Global || Medium || No || FPPS || {{SharedFees}} || 0% || 0% || {{Yes}} || {{Yes}}
| 2020-11-03 || User<ref name="changeable"/>/Dynamic || || [https://sbicrypto.com/ link]
|-
| [[Slush Pool]]
| Global || Medium || [[NMC]] || Score || {{SharedFees}} || || 2% || {{Yes}} || {{No}}
| 2010-11-27 || User<ref name="changeable"/> || [http://bitcointalk.org/?topic=1976 link] || [https://slushpool.com/ link]
|-
| [[Luxor]] || {{flag|us|label=1}}|| Medium || No || FPPS & PPS || {{SharedFees}} || 2% || 0% || {{Yes}} ||
| 2018-01-01 || VarDiff || || [https://mining.luxor.tech// link]
|-
| [[OCEAN]] || {{flag|us|label=1}}|| Small || No || TIDES || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2011-04-27 || Dynamic || || [http://ocean.xyz link]
|-
|}

== Defunct Pools ==

The following pools were once operational but have since shut down. They are listed for historical purposes only.

{| class="wikitable sortable" border="1"
|-
! Name !! Location !! Size<ref name="hashrate2"/>
! Merged Mining<ref name="merged"/>
! Reward Type !! Transaction fees!!PPS Fee!!Other Fee!! [[File:Stm.png|link=Stratum_mining_protocol]] !! [[getblocktemplate|GBT]]
! Launched !! Variance !! Forum !! Website
|-
| [[BitcoinAffiliateNetwork]] || {{flag|us|}}{{flag|eu}}{{flag|cn|}}{{flag|nl|}}{{flag|au|}} || ? || [[NMC]] || ? || {{PoolFees}} || ? || ? || {{Yes}} ||
| 2014-07-15 || User/Dynamic || [https://bitcointalk.org/index.php?topic=722202.0 link] || [http://mining.bitcoinaffiliatenetwork.com/ link]
|-
| [[BitMinter]] || {{flag|us}}{{flag|ca|label=1}}{{flag|eu}} || Small || [[NMC]] || PPLNSG || {{SharedFees}} || || 1% || {{Yes}} || {{No}}
| 2011-06-26 || User<ref name="changeable"/>/Dynamic || [https://bitcointalk.org/?topic=788753 link] || [https://bitminter.com link]
|-
| [[BTCDig]] || {{flag|us|label=1}}|| Small || No || DGM || {{PoolFees}} || || 0% || {{Yes}} ||
| 2013-07-04 || User<ref name="changeable"/>/Dynamic 20SPM || [https://bitcointalk.org/index.php?topic=249627 link] || [http://btcdig.com/ link]
|-
| [[btcmp.com]] || {{flag|de|label=1}}|| Small || No || PPS || {{PoolFees}} || 4% || || {{Yes}} ||
| 2011-06-28 || Diff 1 || || [http://www.btcmp.com/ link]
|-
| [[btcZPool.com]] || {{flag|us|label=1}}|| Large || BitCoinZ || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-06-25 || VarDiff || || [http://www.btcZPool.com/ link]
|-
| [[Eligius]] || {{flag|us|label=1}}|| Small || [[NMC]] || CPPSRB || {{SharedFees}} || || 0% || {{Yes}} || {{Yes}}
| 2011-04-27 || Dynamic: 32 shares/m || [https://bitcointalk.org/?topic=441465 link] || [http://eligius.st link]
|-
| [[EMCD Pool]] || CIS, EU, KZ, IR, China || Medium || - || FPPS+ || {{SharedFees}} || 1% || 0% || {{Yes}} || {{No}}
| 2018-01-26 || Dynamic || || [https://pool.emcd.io link]
|-
| [[GHash.IO]] || {{flag|nl|label=1}}|| Small || [[NMC]], IXC, [[Devcoin]] || PPLNS || {{SharedFees}} || || 0% || {{Yes}} || {{No}}
| 2013-07-01 || User<ref name="changeable"/> || [https://support.cex.io link] || [https://ghash.io/ link]
|-
| [[Give Me COINS]] || {{flag|us}}{{flag|eu}} || Small || [[NMC]] || PPLNS || {{SharedFees}} || || 0%|| {{Yes}} || {{Yes}}
| 2013-08-12 || Dynamic || [https://bitcointalk.org/index.php?topic=272017.0 link] || [http://give-me-coins.com link]
|-
| [[Jonny Bravo's Mining Emporium]] ||{{flag|us|}}{{flag|eu}} || Small || No || PPLNS || {{SharedFees}} || || 0.5% || {{Yes}} || {{No}}
| 2015-11-19 || Dynamic || [https://bitcointalk.org/index.php?topic=1330452.0 link] || [http://www.bravo-mining.com link]
|-
| [[kmdPool.org]] || {{flag|us|label=1}}|| Large || Komodo || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-11-25 || VarDiff || || [http://www.kmdPool.org/ link]
|-
| [[MergeMining]] || Global || Small || CRW, DVC, HUC, I0C, IXC, XMY/MYR, NMC, SYS, UNO, TRC, ARG, EMC || PPLNS || {{SharedFees}} || || 1% || {{Yes}} || {{No}}
| 2016-12-01|| User<ref name="changeable"/> || || [https://mergemining.com link]
|-
| [[Multipool]] || {{flag|us}}{{flag|eu}} || Small || [[NMC]] || Score || {{SharedFees}} || || 1.5% || {{Yes}} || {{No}}
| 2012-03-15 || User || [https://bitcointalk.org/index.php?topic=311067.0 link] || [https://www.multipool.us/ link]
|-
| [[ZenPool.org]] || {{flag|us|label=1}}|| Large || ZenCash || PPLNS || {{SharedFees}} || 1% || 0% || {{Yes}} ||
| 2017-10-25 || VarDiff || || [http://www.ZenPool.org/ link]
|-
|}

== SPV Mining / Old Bitcoin Core ==

The following pools are known or strongly suspected to be mining on top of blocks before fully validating them with Bitcoin Core 0.9.5 or later. Miners doing this have already lost over $50,000 USD during the 4 July 2015 fork and have created a situation where small numbers of confirmations are much less useful than they normally are.

* BTC Nuggets
* [https://www.f2pool.com/ F2Pool]<ref name="spv_despite_incident">[https://bitcointalk.org/index.php?topic=700411.msg11790734#msg11790734 Intention to continue SPV mining], Wang Chun, 4 July 2015</ref>
* AntPool<ref name="spv_despite_incident" />

The following pools are believed to be currently fully validating blocks with Bitcoin Core 0.9.5 or later (0.10.2 or later recommended due to DoS vulnerabilities):

* [[BitMinter]]
* BTC China (described as SPV mining<ref name="spv_despite_incident" />, but they're performing effective valiation)
* [[BTC Public Mining Pool]]
* [[CKPool]]
* [[Eligius]]
* [[Golden Nonce Pool]]
* [[P2Pool]]
* [[Bitcoin Pooled Mining|Slush Pool]]
* [[BCMonster.com]]
* [[Jonny Bravo's Mining Emporium]]

== References ==

<references>

<ref name="hashrate2">Note that pool hashrate is largely irrelevant but can be seen as a popularity measurement. It is a theoretical security issue if one pool gains above 50% of the total computational power of the network, thus consider joining a pool based on other metrics. The pool's total hash rate is very dynamic on most pools. Over time, as the network grows, so does most pool's hash rates. The displayed values are the pool's relative sizes based on the network: Small: less than 2%, Medium: 2%-10% Large: greater than 10% of the network.</ref>

<ref name="merged">Merged mining allows miners to mine on multiple [[block chains]] at the same time with the same hashing.</ref>

<ref name="changeable">The difficulty of the shares can be changed by the user.</ref>
<ref name="solomm">Merged mining can be done on a "solo mining" basis (payouts in the merged chain are not pooled).</ref>
</references>

== See also ==
* [[Pooled mining]]
* [https://www.blocktrail.com/BTC/pools Pool Distribution Summary]
* [https://www.bitcoinmining.com/ Bitcoin Mining]
* [https://www.youtube.com/watch?v=GmOzih6I1zs Video: What is Bitcoin Mining]
* [https://www.bitcoinmining.com/bitcoin-mining-pools/ Bitcoin Mining Pools]
* [https://bitcoinchain.com/pools Bitcoin Mining Pools Comparison]
[[Category:Mining]]
{{Pools}}

Transaction accelerator

2023-10-12T20:21:32Z

Luke-jr:

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-08-28T02:57:24Z

Luke-jr:

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-08-28T02:56:56Z

Luke-jr: Undo revision 69883 by Apichmedmam (talk)

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tool/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-08-23T14:40:07Z

Luke-jr:

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-08-22T20:00:30Z

Luke-jr:

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-08-19T14:25:06Z

Luke-jr: Do not add sites that do not meet the new criteria.

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: As editors, we strive to present you with the most reliable accelerators in the industry. However, we strongly encourage you to conduct your own research by reviewing authentic feedback and verifying the legitimacy of the businesses. It's important to be aware that there are numerous purported transaction accelerators that are, unfortunately, fraudulent schemes. Some of these claim to collaborate with mining pools on your behalf. Yet, due to the challenges in verifying such claims and the past contentious discussions around providing an exhaustive list, we have refined our approach.

Hence, we are now exclusively listing accelerators that are definitively and verifiably operated by established pools or miners, possessing a minimum of 0.1% of the total network hash rate. This stringent criterion has been adopted to ensure the accuracy and reliability of the information we present.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-08-17T12:50:35Z

Luke-jr:

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: There are many supposed transaction accelerators that are outright scams. Some claim to work with pools on your behalf, but this wiki's editors cannot verify claims, and the prior attempt to provide a more comprehensive list was too heated. Therefore, only accelerators verifiably officially run by a pool or miner with at least 0.1% of network hashrate may be added to the list below.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

Transaction accelerator

2023-08-17T02:03:10Z

Luke-jr: /* Bitcoin transaction accelerators */ Limit list to official mining pool accelerators

=What to Do if Your Bitcoin Transaction Gets "Stuck"=

The number of transactions on the Bitcoin network has steadily increased over the years. This means more blocks are filling up. And as not all transactions can be included in the blockchain straight away, backlogs form in miners’ “mempools” (a sort of “transaction queue.”)

Miners typically pick the transactions that pay the most fees and include these in their blocks first. Transactions that include lower fees are “outbid” on the so called “fee market,” and remain in miners’ mempools until a new block is found. If the transaction is outbid again, it has to wait until the next block.

This can lead to a suboptimal user experience. Transactions with too low a fee can take hours or even days to confirm, and sometimes never confirm at all.

==Fee Bumping==

The recommended approach to "accelerating" a transaction is to perform a [[fee bumping]] methods, either [[replace by fee|replace-by-fee]] (RBF), or [[Transaction fees#Feerates_for_dependent_transactions_.28child-pays-for-parent.29|child-pays-for-parent]] (CPFP), which are available to:

* Sender of the Bitcoin transaction: Replace-by-fee (RBF), and Child-pays-for-parent (CPFP)
* Recipient of the Bitcoin transaction: Child-pays-for-parent (CPFP)

==Bitcoin transaction accelerators==

Caution: There are many supposed transaction accelerators that are outright scams. Some claim to work with pools on your behalf, but this wiki's editors cannot verify claims, and the prior attempt to provide a more comprehensive list was too heated. Therefore, only accelerators verifiably officially run by a pool or miner with at least 0.1% of network hashrate may be added to the list below.

===Mining Pool Accelerators===

A mining pool may offer a premium service in which they will prioritize a transaction, usually for a fee. The ability for that pool to get a transaction confirmed is limited to their ability to get a block confirmed -- and most pools have a tiny [https://www.blockchain.com/pools fraction of the hashrate]. For example, if a pool has 10% of the hashrate, they mine about a block every 100 minutes (1 hour and 40 minutes), on average. If a pool has 5% of the hashrate, then they mine one block about every 200 minutes (3 hours and 20 minutes), on average.

* [https://binance.com Binance Pool] - is a prominent cryptocurrency mining pool operated by Binance, one of the world's leading blockchain and cryptocurrency exchange platforms. In addition to its mining services, Binance Pool offers exclusive transaction acceleration services for VIP users, ensuring swift confirmation of their cryptocurrency transactions.

* [https://pool.viabtc.com/tools/txaccelerator/ ViaBTC] - Working as of December 30, 2020. ViaBTC implemented this service to protest against the prior 1MB limitation of the Bitcoin network. ViaBTC gives priority to user-submitted transactions for the next mined blocks by the ViaBTC pool. The only requirement is the transaction must include a minimum fee of 10 sat/B. The free-to-use nature of the service may have made it widely popular as every hour, the number of transaction requested reaches its limit (of 100) and it is common to be presented with the message “Submissions are beyond limit. Please try later.” on the top middle of the page. This means one must wait for the next hour to try a new submission. After submitting a transaction, there is a wait for the next block to be mined by ViaBTC Pool.

User:Chmod755

2023-08-16T03:57:19Z

Luke-jr: No scamcoins

==Profiles==
* [http://bitcoin-otc.com/viewratingdetail.php?nick=chmod755 Bitcoin OTC]

User talk:BitTools

2023-07-31T12:52:51Z

Luke-jr: Created page with "==bitcoin accelerator sites== What is your relationship with the sites you've been adding to the wiki? How do they work? (It seems there are accusations of scam and worse...)..."

==bitcoin accelerator sites==

What is your relationship with the sites you've been adding to the wiki? How do they work? (It seems there are accusations of scam and worse...) Do not add them back until this discussion has been resolved. Thanks. --[[User:Luke-jr|Luke-jr]] ([[User talk:Luke-jr|talk]]) 12:52, 31 July 2023 (UTC)

Help:Introduction

2023-07-03T13:23:55Z

Luke-jr: Update data and remove misinformation

The purpose of this page is to provide a general overview of the Bitcoin system and economy.

==Basic Concepts==

===Currency===

Alice wants to buy the [[Alpaca|Alpaca socks]] which Bob has for sale. In return, she must provide something of equal value to Bob. The most efficient way to do this is by using a medium of exchange that Bob accepts which would be classified as currency. Currency makes trade easier by eliminating the need for [https://en.wikipedia.org/wiki/Coincidence_of_wants coincidence of wants] required in other systems of trade such as barter. Currency adoption and acceptance can be global, national, or in some cases local or community-based.

===Banks===

Alice need not provide currency to Bob in-person. She may instead transfer this value by first entrusting her currency to a bank who promises to store and protect Alice's currency notes. The bank gives Alice a written promise (called a "bank statement") that entitles her to withdraw the same number of currency bills that she deposited. Since the money is still Alice's, she is entitled to do with it whatever she pleases, and the bank (like most banks), for a small fee, will do Alice the service of passing on the currency bills to Bob on her behalf. This is done by Alice's bank by giving the dollar bills to Bob's bank and informing them that the money is for Bob, who will then see the amount the next time he checks his balance or receives his bank statement.

Since banks have many customers, and bank employees require money for doing the job of talking to people and signing documents, banks in recent times have been using machines such as ATMs and web servers that do the job of interacting with customers instead of paid bank employees. The task of these machines is to learn what each customer wants to do with their money and, to the extent that it is possible, act on what the customer wants (for example, ATMs can hand out cash). Customers can always know how much money they have in their accounts, and they are confident that the numbers they see in their bank statements and on their computer screens accurately reflect the number of dollars that they can get from the bank on demand. They can be so sure of this that they can accept those numbers in the same way they accept paper banknotes (this is similar to the way people started accepting paper dollars when they had been accepting gold or silver).

Such a system has several disadvantages:
* It is costly. [https://en.wikipedia.org/wiki/Electronic_funds_transfer EFTs] in Europe can cost 25 euros. Credit transactions can cost several percent of the transaction.
* It is slow. Checking and low cost wire services take days to complete.
* In most cases, it cannot be anonymous.
* Accounts can be frozen, or their balance partially or wholly confiscated.
* Banks and other payment processors like PayPal, Visa, and Mastercard may refuse to process payments for certain legal entities.

Bitcoin is a system of owning and voluntarily transferring amounts of so-called ''bitcoins'', in a manner similar to an on-line banking, but pseudonymously and without reliance on a central authority to maintain account balances. If bitcoins are valuable, it is because they are useful and limited in supply.

==Bitcoin Basics==

===Creation of coins===

The creation of coins must be limited for the currency to have any value.

New coins are slowly [[Mining|mined]] into existence by following a mutually agreed-upon set of rules. A user [[Mining|mining]] bitcoins is running a software program that searches for a solution to a very difficult math problem the difficulty of which is precisely known. This difficulty is automatically adjusted on a predictable schedule so that the number of solutions found globally for a given unit of time is constant: the global system aims for 6 per hour. When a solution is found, the user may tell everyone of the existence of this newly found solution along with other information packaged together in what is called a "[[Block|block]]". The solution itself is a [[Proof of work| proof-of-work]] or PoW. It is hard to find, but easy to verify.

Blocks create 6.25 new bitcoins at present [July 2023]. This amount, known as the block reward, is an incentive for people to perform the computation work required for generating blocks. Roughly every 4 years, the number of bitcoins that can be "mined" in a block reduces by 50%. Originally the block reward was 50 bitcoins; it halved in November 2012; it then halved again in July 2016. Any block that is created by a malicious user that does not follow this rule (or any other rules) will be rejected by everyone else. In the end, no more than 21 million bitcoins will ever exist.

Because the block reward will decrease over the long term, miners will some day instead pay for their hardware and electricity costs by collecting [[Transaction_fee|transaction fees]]. The sender of money may voluntarily pay a small transaction fee which will be kept by whoever finds the next block. Paying this fee will encourage miners to include the transaction in a block more quickly.

===Sending payments===

To guarantee that a third-party, let's call her Eve, cannot spend other people's bitcoins by creating transactions in their names, Bitcoin uses [[Wikipedia:Public-key_cryptography|public key cryptography]] to make and verify digital signatures. In this system, each person, such as Alice or Bob, has a [[Wallet|wallet]] with one or more private keys. Only the user with the private key can sign a transaction to give some of their bitcoins to somebody else, but anyone can validate the signature using that user’s public key.

Suppose Alice wants to send a bitcoin to Bob.
* Bob sends his address to Alice.
* Alice adds Bob’s address and the amount of bitcoins to transfer to a message: a 'transaction' message.
* Alice signs the transaction with her private key.
* Alice broadcasts the transaction on the Bitcoin network for all to see.

(Only the first two steps require human action. The rest is done by the Bitcoin client software.)

Looking at this transaction from the outside, anyone who knows that this address belongs to Bob can see that someone has agreed to transfer the amount to Bob, because nobody else has the correct private key. Alice would be foolish to give her private key to other people, as this would allow them to sign transactions, removing funds from her control.

Later on, when Bob wishes to transfer the same bitcoins to Charley, he will do the same thing:
* Charlie sends Bob his address.
* Bob adds Charlie's address and the amount of bitcoins to transfer to a message: a 'transaction' message.
* Bob signs the transaction with his private key.
* Bob broadcasts the transaction on the Bitcoin network for all to see.

Only Bob can do this because only he has the private key that can create a valid signature for the transaction.

Eve cannot change whose coins these are by replacing Bob’s address with her address, because Alice signed the transfer to Bob using her own private key, which is kept secret from Eve, and instructing that the coins which were hers now belong to Bob. So, if Charlie accepts that the original coin was in the hands of Alice, he will also accept the fact that this coin was later passed to Bob, and now Bob is passing this same coin to him.

===Preventing [[double-spending]]===

The process described above does not prevent Alice from using the same bitcoins in more than one transaction. The following process does; this is the primary innovation behind Bitcoin.

* Details about the [[Transactions|transaction]] are [[Network|sent and forwarded]] to all or as many other computers as possible.
* A constantly growing chain of [[Blocks|blocks]] that contains a record of all transactions is collectively maintained by all computers (each has a full copy).
* To be accepted in the chain, transaction blocks must be valid and must include [[proof of work]] (one block generated by the network every 10 minutes).
* Blocks are chained in a way so that, if any one is modified, all following blocks will have to be recomputed.
* When multiple valid continuations to this chain appear, only the longest such branch is accepted and it is then extended further.

When Bob sees that his transaction has been included in a block, which has been made part of the single longest and fastest-growing block chain (extended with significant computational effort), he can be confident that the transaction by Alice has been accepted by the computers in the network and is permanently recorded, preventing Alice from creating a second transaction with the same coin. In order for Alice to thwart this system and double-spend her coins, she would need to muster more computing power than all other Bitcoin users combined.

===Anonymity===

When it comes to the Bitcoin network itself, there are no "accounts" to set up, and no e-mail addresses, user-names or passwords are required to hold or spend bitcoins. Each balance is simply associated with an address and its public-private key pair. The money "belongs" to anyone who has the private key and can sign transactions with it. Moreover, those keys do not have to be registered anywhere in advance, as they are only used when required for a transaction. Transacting parties do not need to know each other's identity in the same way that a store owner does not know a cash-paying customer's name.

===Capitalization / Nomenclature===

Since Bitcoin is both a currency and a protocol, capitalization can be confusing. Accepted practice is to use ''Bitcoin'' (singular with an upper case letter B) to label the protocol, software, and community, and ''bitcoins'' (with a lower case b) to label units of the currency.

==See Also==
* [http://bitcoinhelp.net Bitcoin Help] — the simple guide to Bitcoin.
* Learn the entire history of Bitcoin in the interactive timeline at [http://historyofbitcoin.org History of Bitcoin].
* [https://www.weusecoins.com What Is Bitcoin?]
* [https://www.bitcoinmining.com What Is Bitcoin Mining?]

[[zh-cn:简介]]

[[de:Einführung]]
[[fr:Introduction]]

Wasabi Wallet

2023-07-03T13:16:32Z

Luke-jr: Reverted edits by TheHiddenWiki (talk) to last revision by NotATether

'''Wasabi Wallet''' is an open-source, non-custodial, '''privacy-focused''' Bitcoin wallet for Desktop that implements trustless '''[[CoinJoin]]'''. The code is on GitHub at [https://github.com/https://github.com/zkSNACKs/WalletWasabi zkSNACKs/WalletWasabi] where anyone can see, verify, and contribute to the project. Wasabi Wallet is trustless by design, meaning neither the public nor the developers can breach your privacy. This is accomplished via [https://github.com/bitcoin/bips/blob/master/bip-0158.mediawiki client-side block filtering](BIP158), communication over the [https://www.torproject.org Tor anonymity network], and the [https://github.com/zkSNACKs/WabiSabi WabiSabi] protocol: an anonymous credential scheme for centrally coordinated coinjoin transactions. The coinjoin coordinator is run by zkSNACKS Ltd., the company that sponsors the development of Wasabi Wallet. The developers have gone to great lengths to ensure that the coordinator cannot steal nor breach the privacy of any participant. This can all be verified by examining the open-source code.

Wasabi Wallet strives toward establishing solid industry best practices and standards. It implements [https://en.bitcoin.it/wiki/Deterministic_wallet Hierarchical Deterministic wallets] , [https://en.bitcoin.it/wiki/Address_reuse address reuse avoidance], as well as mandatory coin labeling. The wallet uses BIP-158 client-side block filtering to obtain its own transaction history in a private way and it has a one-click partial full node integration as it ships with Bitcoin Knots. If the user already has a Bitcoin full node on a local or remote device, then it is possible to specify the IP address and port, or the Tor onion service, and Wasabi will use it to verify and enforce the rules of Bitcoin.

In addition to this, Wasabi has advanced cutting-edge features like Opt-in PayJoin and [https://docs.wasabiwallet.io/FAQ/FAQ-UseWasabi.html#what-is-the-dust-threshold Dust attack] protections. You can find a full list of [https://docs.wasabiwallet.io/using-wasabi/BIPs.html#what-is-supported supported BIPs] in the wallet documentation. This is part of Wasabi Wallet’s [https://docs.wasabiwallet.io/ complete and detailed documentation] containing descriptions about the architecture and functionality of the wallet, as well as helpful tutorials on how to use it. There is also a [https://www.youtube.com/watch?v=ry6qIyQmzRE&list=PLPwc75tPMdsi2bSYL6qi79izHIvps2E6b tutorials playlist] on YouTube with short videos on how to use and interact with Wasabi Wallet.
=Wasabi Wallet installation=
[[File:Wasabiwallet.io.png|thumb|right|WasabiWallet.io homepage]]

Wasabi Wallet is easy to install. First, you have to go to https://wasabiwallet.io or http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion (for the onion service) and download the version for your own operating system. Wasabi is available in most operating systems with 64-bit architecture.

Linux, Windows and macOS (intel & M1) are the officially supported operating systems. For the complete compatibility list check the [https://github.com/zkSNACKs/WalletWasabi/blob/master/WalletWasabi.Documentation/WasabiCompatibility.md Wasabi Compatibility document]. It is also possible to manually verify the PGP signatures and the deterministic builds.

For a step-by-step tutorial on the installation and PGP verification, you can follow the [https://docs.wasabiwallet.io/using-wasabi/InstallPackage.html relevant chapter in the documentation].

Once the software is installed, icons will be created on the desktop and on the menu, you can click on them to open the program. If you have downloaded the ''.tar.gz'' version, then first extract it and then run the ''./wassabee'' command.

=Run Wasabi Wallet=

When you run Wasabi for the first time, you will be prompted to generate a wallet. You have the option to create a new wallet, connect to a hardware wallet, import a wallet from a file, or recover a wallet with a 12 word seed. When you generate the wallet, you will then be prompted to choose a unique name for it; choose a name that reflects the purpose of the wallet. If you create a new wallet you will be presented with 12 recovery words to record ([https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki BIP39]), followed by the option to encrypt your wallet with a secure password ([https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki BIP38]). You will always need the password in order to login to your wallet and whenever you spend your bitcoins, so remember to properly backup both the password and the 12 recovery words.

=Send and Receive bitcoin via Wasabi Wallet=

As explained above, Wasabi has '''mandatory coin labeling'''. This means that in order to send or receive bitcoin we have to specify custom labels for the address. These labels should be the name of any entities who know that this address is yours. Properly annotated labels is one of the most important features in Wasabi Wallet because it helps you better manage your privacy. A simple example of labeling is as follows: Alice pays you back for last night's pizza, so you label your receive address as ''Alice''. Now you have a record of the specific UTXO that Alice is aware of and can trace on the [[Block chain]].

'''Receiving Bitcoin'''
# Click ''Receive'' button
# Add Labels
# Scan or copy the unused bitcoin address.

'''Sending Bitcoin'''
# Click ''Send'' button
# Paste bitcoin address
# Enter amount in BTC or USD
# Add Labels
# Preview Transaction (option to specify custom transaction fee rate)
# Enter password.

=Coinjoin via Wasabi Wallet=

[[File:Wasabi Wallet Coinjoin.png|thumb | right |Wasabi Wallet 2.0]]

'''Coinjoins''' are the most important feature of Wasabi Wallet. '''Schnorr blind signatures''', (which is similar to the cryptography used in chaumian blind signatures and [[blinded bearer certificates]]) make it possible to run '''trustless''' (meaning nobody can steal) and '''private''' (meaning even the coordinator cannot spy) coinjoins where nobody learns the linkage between the mixed transaction inputs and outputs.

Wasabi Wallet implements the [https://eprint.iacr.org/2021/206 WabiSabi] protocol, which is an anonymous credential scheme for central coordinated coinjoin transactions. The zkSNACKs Ltd. company is who coordinates the coinjoin transactions for Wasabi Wallet. They take a fee for coordinating the coinjoin and use these funds to sponsors the Wasabi developers. The fee structure is as follows: coins with a value above 0.01 BTC costs 0.3% as a [https://github.com/zkSNACKs/WalletWasabi/tree/master/WalletWasabi.Backend coordinator fee] + [https://mempool.space/ mining fees]. Inputs of 0.01 BTC or below do not pay coordinator fees, nor remixes, even after one transaction. Thus, a payment made with coinjoined funds allows the sender and the recipient to remix their coins without paying coordinator fees.

 

{| class="wikitable" style="text-align:center;"
|- style="text-align:left;"
!
! > 0.01 BTC
! 0.01 BTC and less
|- style="vertical-align:middle;"
| Fresh input
| 0.3% coordination fee + mining fees
| mining fees
|- style="vertical-align:middle; background-color:rgba(73, 88, 107, 0.1);"
| Remix*
| mining fees
| mining fees
|- style="text-align:left;"
|}
<nowiki>*</nowiki>Remix includes a 1 hop transaction

 

[https://github.com/zkSNACKs/WabiSabi WabiSabi] was introduced in Wasabi Wallet 2.0 and improves upon the original [https://github.com/nopara73/ZeroLink ZeroLink] protocol of Wasabi Wallet 1.0. WabiSabi is a novel communication protocol for creating bitcoin coinjoin transactions with arbitrary amounts, which provides more privacy at less cost for the user. This new protocol utilizes keyed verification anonymous credentials and homomorphic value commitments to enable novel use cases and reduced overhead. WabiSabi enables the emergence of much larger coinjoins rounds with hundreds of inputs and outputs (e.g., [https://mempool.space/tx/4f0436e9406e5930f9cdaaf94144de72b2b204690e7b19fe5f80067545440a7c 4f0436e9406e5930f9cdaaf94144de72b2b204690e7b19fe5f80067545440a7c]).

=Controversies=

On March 13 2022, Wasabi announced that its zkSNACKs coordinator had plans for blacklisting tainted coins, which would prevent them from participating in CoinJoins.<ref>https://www.coindesk.com/tech/2022/03/14/wasabi-wallets-coinjoin-coordinator-to-blacklist-certain-bitcoin-transactions/</ref> This was met with backlash from some parts of the Bitcoin community who did not like the concept of taint.<ref>https://bitcointalk.org/index.php?topic=5405325.0</ref>. Wasabi has stated that they do not have access to any information that can link user identities, and acknowledged that the decision to blacklist tainted outputs was done proactively, with no legislation requiring them to do so.<ref>https://bitcoinist.com/wasabi-side-reasons-blacklisting-from-coinjoin/</ref>

[[Category:Privacy]]

=References=

CoinJoin

2023-07-03T13:16:32Z

Luke-jr: Reverted edits by TheHiddenWiki (talk) to last revision by Jesse.am

'''CoinJoin''' is a trustless method for combining multiple Bitcoin payments from multiple spenders into a single transaction to make it more difficult for outside parties to determine which spender paid which recipient or recipients. Unlike many other privacy solutions, coinjoin transactions do not require a modification to the bitcoin protocol.

This type of transaction was first described in posts<ref>[https://bitcointalk.org/?topic=139581 I taint rich! (Raw txn fun and disrupting 'taint' analysis; >51kBTC linked!)]</ref><ref>[https://bitcointalk.org/?topic=279249 CoinJoin: Bitcoin privacy for the real world]</ref> by gmaxwell.

==Motivation==

Bitcoin is often promoted as a tool for privacy but the only privacy that exists in Bitcoin comes from pseudonymous addresses which are fragile and easily compromised through reuse, "taint" analysis, tracking payments, IP address monitoring nodes, web-spidering, and many other mechanisms. Once broken this privacy is difficult and sometimes costly to recover.

Traditional banking provides a fair amount of privacy by default. Your inlaws don't see that you're buying birth control that deprives them of grandchildren, your employer doesn't learn about the non-profits you support with money from your paycheck, and thieves don't see your latest purchases or how wealthy you are to help them target and scam you. Poor privacy in Bitcoin can be a major practical disadvantage for both individuals and businesses.

Even when a user ends address reuse by switching to [http://bitcoinism.blogspot.com/2013/07/reclaiming-financial-privacy-with-hd.html BIP 32 address chains], they still have privacy loss from their old coins and the joining of past payments when they make larger transactions.

Privacy errors can also create externalized costs: You might have good practices but when you trade with people who don't (say ones using "green addresses") you and everyone you trade with loses some privacy. A loss of privacy also presents a grave systemic risk for Bitcoin: If degraded privacy allows people to assemble centralized lists of good and bad coins you may find Bitcoin's fungibility destroyed when your honestly accepted coin is later not honored by others, and its decentralization along with it when people feel forced to enforce popular blacklists on their own coin.

==Concept==

The idea is very simple, first some quick background:

[[Image:Twotx.png|class=fullwidth]]

A Bitcoin transaction consumes one or more inputs and creates one or more outputs with specified values.

Each input is an output from a past transaction. For each input there is a distinct signature (scriptsig) which is created in accordance with the rules specified in the past-output that it is consuming (scriptpubkey).

The Bitcoin system is charged with making sure the signatures are correct, that the inputs exist and are spendable, and that the sum of the output values is less than or equal to the sum of the input values (any excess becomes fees paid to miners for including the transaction).

It is normal for a transaction to spend many inputs in order to get enough value to pay its intended payment, often also creating an additional 'change' output to receive the unspent (and non-fee) excess.

There is no requirement that the scriptpubkeys of the inputs used be the same; i.e., no requirement that they be payments to the same address. And, in fact, when Bitcoin is correctly used with one address per payment, none of them will be the same.

When considering the history of Bitcoin ownership one could look at transactions which spend from multiple distinct scriptpubkeys as co-joining their ownership and make an assumption: How else could the transaction [[Common-input-ownership heuristic|spend from multiple addresses unless a common party controlled those addresses?]]

In the illustration 'transaction 2' spends coins which were assigned to 1A1 and 1C3. So 1A1 and 1C3 are necessarily the same party?

This assumption is incorrect. Usage in a single transaction does not prove common control (though it's currently pretty suggestive), and this is what makes '''CoinJoin''' possible:

The signatures, one per input, inside a transaction are '''completely''' independent of each other. This means that it's possible for Bitcoin users to agree on a set of inputs to spend, and a set of outputs to pay to, and then to individually and separately sign a transaction and later merge their signatures. The transaction is not valid and won't be accepted by the network until all signatures are provided, and no one will sign a transaction which is not to their liking.

To use this to increase privacy, the N users would agree on a uniform output size and provide inputs amounting to at least that size. The transaction would have N outputs of that size and potentially N more change outputs if some of the users provided input in excess of the target. All would sign the transaction, and then the transaction could be transmitted. No risk of theft at any point.

In the illustration 'transaction 2' has inputs from 1A1 and 1C3. Say we believe 1A1 is an address used for Alice and 1C3 is an address used for Charlie. Which of Alice and Charlie owns which of the 1D and 1E outputs?

The idea can also be used more casually. When you want to make a payment, find someone else who also wants to make a payment and make a joint payment together. Doing so doesn't increase privacy much, but it actually makes your transaction smaller and thus easier on the network (and lower in fees); the extra privacy is a perk.

Such a transaction is externally indistinguishable from a transaction created through conventional use. Because of this, if these transactions become widespread they improve the privacy even of people who do not use them, because no longer will input co-joining be strong evidence of common control.

There are many variations of this idea possible, and all can coexist because the idea requires no changes to the Bitcoin system. Let a thousand flowers bloom: we can have diversity in ways of accomplishing this and learn the best.

==Example==

An example 2-party coinjoin transaction. https://chain.localbitcoins.com/tx/c38aac9910f327700e0f199972eed8ea7c6b1920e965f9cb48a92973e7325046
The outputs to addresses 1MUzngtNnrQRXRqqRTeDmpULW8X1aaGWeR and 1Fufjpf9RM2aQsGedhSpbSCGRHrmLMJ7yY are coinjoined because they are both of value 0.01btc.

Another example is this 3-party coinjoin. https://chain.localbitcoins.com/tx/92a78def188053081187b847b267f0bfabf28368e9a7a642780ce46a78f551ba

==FAQ==

===Don't you need tor or something to prevent everyone from learning everyone's IP?===

Any transaction privacy system that hopes to hide user's addresses should start with some kind of anonymity network. This is no different. Fortunately networks like Tor, I2P, Bitmessage, and Freenet all already exist and could all be used for this. (Freenet would result in rather slow transactions, however)

However, gumming up "taint analysis" and reducing transaction sizes doesn't even require that the users be private from each other. So even without things like tor this would be no worse than regular transactions.

===Don't the users learn which inputs match up to which outputs?===

In the simplest possible implementation where users meet up on IRC over tor or the like, yes they do. The next simplest implementation is where the users send their input and output information to some meeting point server, and the server creates the transaction and asks people to sign it. The server learns the mapping, but no one else does, and the server still can't steal the coins.

More complicated implementations are possible where even the server doesn't learn the mapping.

E.g. Using chaum blind signatures: The users connect and provide inputs (and change addresses) and a cryptographically-blinded version of the address they want their private coins to go to; the server signs the tokens and returns them. The users anonymously reconnect, unblind their output addresses, and return them to the server. The server can see that all the outputs were signed by it and so all the outputs had to come from valid participants. Later people reconnect and sign.

Similar things can be accomplished with various zero-knowledge proof systems.

===Does the totally private version need to have a server at all? What if it gets shut down?===

No. The same privacy can be achieved in a decentralized manner where all users act as blind-signing servers. This ends up needing n^2 signatures, and distributed systems are generally a lot harder to create. I don't know if there is, or ever would be, a reason to bother with a fully distributed version with full privacy, but it's certainly possible.

===What about DOS attacks? Can't someone refuse to sign even if the transaction is valid?===

Yes, this can be DOS attacked in two different ways: someone can refuse to sign a valid joint transaction, or someone can spend their input out from under the joint transaction before it completes.

However, if all the signatures don't come in within some time limit, or a conflicting transaction is created, you can simply leave the bad parties and try again. With an automated process any retries would be invisible to the user. So the only real risk is a persistent DOS attacker.

In the non-decentralized (or decentralized but non-private to participants) case, gaining some immunity to DOS attackers is easy: if someone fails to sign for an input, you blacklist that input from further rounds. They are then naturally rate-limited by their ability to create more confirmed Bitcoin transactions.

Gaining DOS immunity in a decentralized system is considerably harder, because it's hard to tell which user actually broke the rules. One solution is to have users perform their activity under a zero-knowledge proof system, so you could be confident which user is the cheater and then agree to ignore them.

In all cases you could supplement anti-DOS mechanisms with proof of work, a fidelity bond, or other scarce resource usage. But I suspect that it's better to adapt to actual attacks as they arise, as we don't have to commit to a single security mechanism in advance and for all users. I also believe that bad input exclusion provides enough protection to get started.

===Isn't the anonymity set size limited by how many parties you can get in a single transaction?===

Not quite. The anonymity set size of a single transaction is limited by the number of parties in it, obviously. And transaction size limits as well as failure (retry) risk mean that really huge joint transactions would not be wise. But because these transactions are cheap, there is no limit to the number of transactions you can cascade.

In particular, if you can build transactions with m participants per transaction you can create a sequence of m*3 transactions which form a three-stage [http://en.wikipedia.org/wiki/Clos_network switching network] that permits any of m^2 final outputs to have come from any of m^2 original inputs (e.g. using three stages of 32 transactions with 32 inputs each 1024 users can be joined with a total of 96 transactions). This allows the anonymity set to be any size, limited only by participation.

In practice I expect most users only want to prevent nosy friends (and thieves) from prying into their financial lives, and to recover some of the privacy they lost due to bad practices like address reuse. These users will likely be happy with only a single pass; other people will just operate opportunistically, while others may work to achieve many passes and big anonymity sets. All can coexist.

===How does this compare to [http://zerocoin.org/ zerocoin]?===

As a crypto and computer science geek I'm super excited by Zerocoin: the technology behind it is fascinating and important. But as a Bitcoin user and developer the promotion of it as the solution to improved privacy disappoints me.

Zerocoin has a number of serious limitations:
* It uses cutting-edge cryptography which may turn out to be insecure, and which is understood by relatively few people (compared to ECDSA, for example).
* It produces large (20kbyte) signatures that would bloat the blockchain (or create risk if stuffed in external storage).
* It requires a trusted party to initiate its accumulator. If that party cheats, they can steal coin. (Perhaps fixable with more cutting-edge crypto.)
* Validation is very slow (can process about 2tx per second on a fast CPU), which is a major barrier to deployment in Bitcoin as each full node must validate every transaction.
* The large transactions and slow validation also means costly transactions, which will reduce the anonymity set size and potentially make ZC usage unavailable to random members of the public who are merely casually concerned about their privacy.
* Uses an accumulator which grows forever and has no pruning. In practice this means we'd need to switch accumulators periodically to reduce the working set size, reducing the anonymity set size. And potentially creating big UTXO bloat problems if the horizon on an accumulator isn't set in advance.

Some of these things may improve significantly with better math and software engineering over time.

But above all: '''Zerocoin requires a soft-forking change to the Bitcoin protocol''', which all full nodes must adopt, which would commit Bitcoin to a particular version of the Zerocoin protocol. This cannot happen fast—probably not within years, especially considering that there is so much potential for further refinement to the algorithm to lower costs. It would be politically contentious, as some developers and Bitcoin businesses are very concerned about being overly associated with "anonymity". Network-wide rule changes are something of a suicide pact: we shouldn't, and don't, take them lightly.

'''CoinJoin transactions work today''', and they've worked since the first day of Bitcoin. They are indistinguishable from normal transactions and thus cannot be blocked or inhibited except to the extent that any other Bitcoin transaction could be blocked.

(As an aside: ZC could potentially be used externally to Bitcoin in a decentralized CoinJoin as a method of mutually blinding the users in a DOS attack resistant way. This would allow ZC to mature under live fire without taking its costs or committing to a specific protocol network-wide.)

The primary argument I can make for ZC over CoinJoin, beyond it stoking my crypto-geek desires, is that it may potentially offer a larger anonymity set. But with the performance and scaling limits of ZC, and the possibility to construct sorting network transactions with CJ, or just the ability to use hundreds of CJ transactions with the storage and processing required for one ZC transactions, I don't know which would actually produce bigger anonymity sets in practice. E.g. To join 1024 users, just the ZC redemptions would involve 20k * 1024 bytes of data compared to less than 3% of that for a complete three-stage cascade of 32 32-way joint transactions. Though the ZC anonymity set could more easily cross larger spans of time.

The anonymity sets of CoinJoin transactions could easily be big enough for common users to regain some of their casual privacy and that's what I think is most interesting.

===How does this compare to [https://bitcointalk.org/index.php?topic=277389.0 CoinWitness]?===

CoinWitness is even more rocket-sciency than Zerocoin, it also shares many of the weaknesses as a privacy-improver: Novel crypto, computational cost, and the huge point of requiring a soft fork and not being available today. It may have some scaling advantages if it is used as more than just a privacy tool. But it really is overkill for this problem, and won't be available anytime real soon.

===Sounds great! Where is it?===

The two main ready-to-use software CoinJoin implementations are [[Wasabi Wallet]] (https://wasabiwallet.io/) and [[JoinMarket]] (https://github.com/Joinmarket-Org/joinmarket-clientserver). Currently, crypto-processing [[Apirone]] (https://apirone.com/) use pre-mix of UTXO based on CoinJoin technology.

Wasabi Wallet implements the [https://eprint.iacr.org/2021/206 WabiSabi] protocol for the construction of CoinJoin transactions with the aid of a central coordinator (run by zkSNACKs Ltd., the company that is sponsoring the development of Wasabi) who cannot steal from, nor breach the privacy of the participants. Coinjoining coins with a value above 0.01 BTC costs 0.3% as a [https://github.com/zkSNACKs/WalletWasabi/tree/master/WalletWasabi.Backend coordinator fee] + [https://mempool.space/ mining fees]. Inputs of 0.01 BTC or below do not pay coordinator fees, nor remixes, even after one transaction. Thus, a payment made with coinjoined funds allows the sender and the recipient to remix their coins without paying coordinator fees.

{| class="wikitable" style="text-align:center;"
|- style="text-align:left;"
!
! > 0.01 BTC
! 0.01 BTC and less
|- style="vertical-align:middle;"
| Fresh input
| 0.3% coordination fee + mining fees
| mining fees
|- style="vertical-align:middle; background-color:rgba(73, 88, 107, 0.1);"
| Remix*
| mining fees
| mining fees
|- style="text-align:left;"
|}
<nowiki>*</nowiki>Remix includes a 1 hop transaction

JoinMarket, instead, works by creating a new kind of market consisting of one group of participants (called market makers) that will always be available to take part in CoinJoins at any time and another group participants (called market takers) that can create a CoinJoin at any time. The takers pay a fee which incentivizes the makers.

==See Also==
* [[User:Gmaxwell/state_of_coinjoin]]
* [[Common-input-ownership heuristic]]
* [[JoinMarket]]

==References==
<references>
</references>

[[Category:Privacy]]