{"id":"CVE-2021-3195","details":"bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions","modified":"2026-04-12T03:26:18.202749Z","published":"2021-01-26T18:16:28.427Z","related":["openSUSE-SU-2022:0072-1","openSUSE-SU-2024:10654-1"],"references":[{"type":"REPORT","url":"https://github.com/bitcoin/bitcoin/issues/20866"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bitcoin/bitcoin","events":[{"introduced":"0"},{"last_affected":"95ea54ba089610019a74c1176a2c7c0dba144b1c"}],"database_specific":{"cpe":"cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"0.21.0"}],"source":"CPE_FIELD"}}],"versions":["noversion","v0.21.0","v0.21.0rc1","v0.21.0rc2","v0.21.0rc3","v0.21.0rc4","v0.21.0rc5","v0.3.1","v0.3.11_notexact","v0.3.1rc1","v0.3.2","v0.3.20","v0.3.20.01_closest","v0.3.20.2_closest","v0.3.21","v0.3.21rc","v0.3.22","v0.3.22rc1","v0.3.22rc2","v0.3.22rc3","v0.3.22rc4","v0.3.23","v0.3.23rc1","v0.3.24","v0.3.24rc1","v0.3.24rc2","v0.3.24rc3","v0.3.3","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.4.00rc1","v0.4.00rc2","v0.5.0","v0.5.0rc1","v0.5.0rc2","v0.5.0rc4","v0.5.0rc5","v0.5.0rc6","v0.5.0rc7","v0.5.1","v0.5.1rc1","v0.5.1rc2","v0.6.0","v0.6.0rc1","v0.6.0rc2","v0.6.0rc3","v0.6.0rc4","v0.6.0rc5","v0.6.0rc6","v0.6.1","v0.6.1rc1","v0.6.1rc2","v0.7.0","v0.7.0rc1","v0.7.0rc2","v0.7.0rc3","v0.7.1","v0.7.1rc1","v0.8.0","v0.8.0rc1","v0.8.2","v0.8.2rc1","v0.8.2rc2","v0.8.2rc3","v0.9.0rc1","v0.9.0rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}