Bitcoin Core Fixes High Severity Vulnerabilities, Exposes 2015 Data Leak Risk

July 4, 2024
  • Bitcoin Core recently addressed a high-severity vulnerability related to banned IP addresses and a medium-severity issue affecting unconfirmed transactions.

  • A medium-severity vulnerability in miniupnpc, identified in 2015 by Wladimir J. van der Laan, could have led to a data leak and remote code execution in Bitcoin Core.

  • This issue, CVE-2015-6031, was fixed in Bitcoin Core version 0.12 in February 2016.

  • The vulnerability allowed for remote crashes and, when combined with a buffer overflow in miniupnpc, could result in remote code execution.

  • Aleksandar Nikolic was credited for identifying the initial vulnerability.

  • The fixes were merged into Bitcoin Core in 2015, with the final vulnerable version reaching End of Life in 2017.

  • Public disclosure of the issue was made on July 3, 2024.

  • The recent high-severity vulnerability in Bitcoin Core was fixed by Pieter Wuille in versions 0.20.1 and 0.21.0.

Summary based on 9 sources

