VYPR

Bitcoin Knots

by Bitcoin Foundation

Source repositories

CVEs (3)

  • CVE-2016-10725HigJul 5, 2018
    risk 0.42cvss 7.5epss 0.03

    In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This…

  • CVE-2016-10724HigJul 5, 2018
    risk 0.42cvss 7.5epss 0.02

    Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized…

  • CVE-2016-8889MedOct 28, 2016
    risk 0.40cvss 6.2epss 0.00

    In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.