CandleFocus

No auto-update in Bitcoin Core means 13% of nodes could crash

Bitcoin developers have disclosed a high-severity software bug that affects over 13% of the computers enforcing Bitcoin's rules worldwide. The bug, named CVE-2024-35202, targets Bitcoin nodes running Core software prior to version 25.0 and allows for a remote shutdown. The vulnerability is related to the compact block protocol and can be exploited by triggering a collision in shortened transaction identifiers. The bug has been patched in version 25.0, but a significant number of nodes are still vulnerable. While the bug has little financial benefit for an average attacker, it could be exploited by corporate or governmental actors to disrupt Bitcoin's operations. Node operators are encouraged to update their software to address the vulnerability.

Related News