CVE-2024-35202
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 10/10/2024
Last modified: 22/05/2025
Description
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.
Impact
Base Score 3.x: 7.50
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:* | | 25.0 (excluding) |
References to Advisories, Solutions, and Tools
- https://bitcoincore.org/en/2024/10/08/disclose-blocktxn-crash/
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
- https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-25.0.md
- https://github.com/bitcoin/bitcoin/pull/26898
- https://github.com/bitcoin/bitcoin/releases/tag/v25.0



