Description
Bitcoin Core 0.13.0 through 29.x has an integer overflow.
Published: 2026-03-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential Value Corruption
Action: Apply patch
AI Analysis

Impact

This vulnerability is an integer overflow present in Bitcoin Core versions 0.13.0 through 29.x. A crafted transaction may allow manipulation of counters or indices, potentially resulting in corrupted transaction values, compromised chain validation, or incorrect balance calculations. The weakness is classified as CWE-190 (Integer Overflow or Wraparound), an arithmetic overflow that can lead to data integrity issues.

Affected Systems

Bitcoin Core software is affected. The vulnerability exists in releases from version 0.13.0 up to and including 29.x. Any system running these versions is at risk until a newer release is applied.

Risk and Exploitability

The CVSS score of 7.5 falls in the High severity band, while an EPSS score below 1 percent suggests a low likelihood of widespread exploitation. The recorded vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) describes an issue reachable over the network with no privileges or user interaction required, with the scored impact on availability. The vulnerability is not recorded in the CISA KEV catalog, which lists vulnerabilities with confirmed exploitation in the wild, and no publicly known exploits are documented at this time. The likely attack vector is a malicious transaction that, when processed by a vulnerable node, triggers the integer wrap, allowing an attacker to alter values used in the consensus process. As no active exploits are documented, the risk remains primarily theoretical until confirmed by the community.

Generated by OpenCVE AI on April 2, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Bitcoin Core to the latest stable release (v30.x or newer).
  • Reparse the blockchain on upgraded nodes to ensure consistency.
  • Verify that the node’s transaction validation and block acceptance processes behave normally.
  • Monitor the network for abnormal transaction patterns that may indicate exploitation attempts.
  • Apply any additional mitigation guidance released by the Bitcoin Core developers.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Bitcoin Core Causing Potential Value Corruption

Thu, 02 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Bitcoin Core Causing Potential Value Corruption

Mon, 23 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Bitcoin
Bitcoin bitcoin Core
Vendors & Products Bitcoin
Bitcoin bitcoin Core

Fri, 20 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Bitcoin Core 0.13.0 through 29.x has an integer overflow.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-23T13:49:19.162Z

Reserved: 2025-04-25T00:00:00.000Z

Link: CVE-2025-46597

Vulnrichment

Updated: 2026-03-23T13:48:22.442Z

NVD

Status: Analyzed

Published: 2026-03-20T16:16:16.207

Modified: 2026-04-02T12:17:06.570

Link: CVE-2025-46597

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:23:20Z

Weaknesses