CVE-2013-2292

Name: CVE-2013-2292
Creator: NVD / NIST
Published: 2013-03-12T11:28:18.373+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.55%

Last modified Jun 16, 2026

CVE-2013-2292 is a vulnerability of currently unknown severity. bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.. EPSS estimates a 2.55% chance of exploitation in the next 30 days.

Description

bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes.

Metrics

EPSS Probability

2.55%

83.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions	Update
Bitcoin	Bitcoin-Qt	0.4	Rc4
Bitcoin	Bitcoin-Qt	0.4.8	Rc4
Bitcoin	Bitcoin-Qt	0.5.0	Rc1
Bitcoin	Bitcoin-Qt	0.5.0.4	—
Bitcoin	Bitcoin-Qt	0.5.1	Rc1
Bitcoin	Bitcoin-Qt	0.5.3.0	—
Bitcoin	Bitcoin-Qt	0.5.7	—
Bitcoin	Bitcoin-Qt	0.6.0.10	Rc4
Bitcoin	Bitcoin-Qt	0.6.3	—
Bitcoin	Bitcoin-Qt	0.7.0	Rc1
Bitcoin	Bitcoin-Qt	0.7.1	—
Bitcoin	Bitcoin-Qt	0.7.2	—
Bitcoin	Bitcoin Core	All versions	—
Bitcoin	Bitcoin Core	<= 0.8.0	—
Bitcoin	Bitcoin Core	0.3.4	—
Bitcoin	Bitcoin Core	0.3.5	—
Bitcoin	Bitcoin Core	0.3.8	—
Bitcoin	Bitcoin Core	0.3.10	—
Bitcoin	Bitcoin Core	0.3.11	—
Bitcoin	Bitcoin Core	0.3.12	—
Bitcoin	Bitcoin Core	0.4.0	—
Bitcoin	Bitcoin Core	0.4.1	—
Bitcoin	Bitcoin Core	0.4.2	—
Bitcoin	Bitcoin Core	0.4.3	—
Bitcoin	Bitcoin Core	0.4.4	—
Bitcoin	Bitcoin Core	0.4.5	—
Bitcoin	Bitcoin Core	0.4.6	—
Bitcoin	Bitcoin Core	0.4.7	Rc2
Bitcoin	Bitcoin Core	0.5.0	Rc
Bitcoin	Bitcoin Core	0.5.3	—
Bitcoin	Bitcoin Core	0.5.3.1	—
Bitcoin	Bitcoin Core	0.5.4	—
Bitcoin	Bitcoin Core	0.5.5	—
Bitcoin	Bitcoin Core	0.5.6	Rc2
Bitcoin	Bitcoin Core	0.6.0.1	—
Bitcoin	Bitcoin Core	0.6.0.2	—
Bitcoin	Bitcoin Core	0.6.0.3	—
Bitcoin	Bitcoin Core	0.6.0.4	—
Bitcoin	Bitcoin Core	0.6.0.5	—
Bitcoin	Bitcoin Core	0.6.0.6	—
Bitcoin	Bitcoin Core	0.6.0.7	—
Bitcoin	Bitcoin Core	0.6.0.8	—
Bitcoin	Bitcoin Core	0.6.1	—
Bitcoin	Bitcoin Core	0.6.2	—
Bitcoin	Bitcoind	0.4.4	Rc4
Bitcoin	Bitcoind	0.5.7	—
Bitcoin	Bitcoind	0.6.0.0	—
Bitcoin	Bitcoind	0.6.0.10	Rc4
Bitcoin	Bitcoind	0.6.3	—
Bitcoin	Bitcoind	0.6.4	Rc4

Showing 50 of 53 affected configurations. See NVD for the full list.

References

https://bitcointalk.org/?topic=140078
https://en.bitcoin.it/wiki/CVEsVendor Advisory
https://bitcointalk.org/?topic=140078
https://en.bitcoin.it/wiki/CVEsVendor Advisory

Timeline

Published: Mar 12, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-2292?

How severe is CVE-2013-2292?

Severity scoring for CVE-2013-2292 is pending analysis. The EPSS model estimates a 2.55% probability of exploitation in the next 30 days.

How do I fix CVE-2013-2292?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2292?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST