Alerts

miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different...

Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does...

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.

In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.

In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.

Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.

Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.