Bitcoin Developers Detected a Serious Vulnerability: These Should Be Done
The post Bitcoin Developers Detected a Serious Vulnerability: These Should Be Done appeared on BitcoinEthereumNews.com.
Bitcoin developers have disclosed details of a high-severity software vulnerability affecting Bitcoin Core.

“People Who Mine Bitcoin Should Update Their Software Immediately”

According to senior Core developers, more than 13% of global nodes, the home and business computers that enforce Bitcoin’s rules, are at risk of being remotely shut down because of this vulnerability.

The vulnerability, tracked as CVE-2024-35202, affects Bitcoin nodes running Core software versions prior to 25.0. Nodes that have not been updated to at least version 25.0 can be attacked remotely through a flaw in the logic that processes block transaction (“blocktxn”) messages.

The flaw lies in Bitcoin Core’s compact block protocol, which uses shortened transaction identifiers to minimize bandwidth use. An attacker can send a compact block whose short identifiers collide, which makes the node give up on reconstructing the block from its own mempool and request the full block instead. Falling back to a full-block request is the intended safe behaviour, but versions prior to 25.0 mishandle a blocktxn message that arrives for that block afterwards. An attacker can use this to drive the software into an invalid state and crash the node.

Niklas Gögge, who identified and disclosed the bug, also developed the fix, which was integrated into Bitcoin Core version 25.0. The patch was merged via pull request 26898 and became part of the production software as of May 26, 2023.

According to data from BitNodes.io, 13.7% of the 18,843 nodes currently operating on the Bitcoin network are vulnerable to the attack. Developers are urging all node operators to update their software to mitigate the risk. The latest version of Bitcoin Core, version 28.0, includes the fix.

While the bug poses a serious risk, developers have noted that it does not provide immediate financial gain to attackers. Exploiting…
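To make the short-identifier mechanism and the collision fallback concrete, here is an added Python example; it is not code from the article or from Bitcoin Core. The SipHash-2-4 routine and the short ID derivation follow BIP152 (key from SHA256(header || nonce), low 48 bits of SipHash-2-4 over the wtxid). The receiver class is a deliberately simplified, hypothetical model of one thing only: whether per-block partial state is discarded when the node falls back to a full-block request, so that a later blocktxn for that block is ignored rather than reaching code that assumes reconstruction is still in progress. The block header, nonce and wtxids are constructed sample values, and the class and function names are this example's own.

```python
"""BIP152 short transaction IDs plus a toy model of the collision fallback.
Added example, not Bitcoin Core code; the receiver state machine is hypothetical."""
import hashlib

MASK64 = (1 << 64) - 1


def _rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK64


def _sipround(v0, v1, v2, v3):
    v0 = (v0 + v1) & MASK64; v1 = _rotl(v1, 13); v1 ^= v0; v0 = _rotl(v0, 32)
    v2 = (v2 + v3) & MASK64; v3 = _rotl(v3, 16); v3 ^= v2
    v0 = (v0 + v3) & MASK64; v3 = _rotl(v3, 21); v3 ^= v0
    v2 = (v2 + v1) & MASK64; v1 = _rotl(v1, 17); v1 ^= v2; v2 = _rotl(v2, 32)
    return v0, v1, v2, v3


def siphash24(k0, k1, data):
    """SipHash-2-4 with a 64-bit output over `data`, keyed by (k0, k1)."""
    v0 = k0 ^ 0x736F6D6570736575
    v1 = k1 ^ 0x646F72616E646F6D
    v2 = k0 ^ 0x6C7967656E657261
    v3 = k1 ^ 0x7465646279746573
    full = len(data) - (len(data) % 8)
    for i in range(0, full, 8):
        m = int.from_bytes(data[i:i + 8], "little")
        v3 ^= m
        for _ in range(2):
            v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
        v0 ^= m
    # Final block: remaining bytes, with the message length in the top byte.
    last = ((len(data) & 0xFF) << 56) | int.from_bytes(data[full:], "little")
    v3 ^= last
    for _ in range(2):
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    v0 ^= last
    v2 ^= 0xFF
    for _ in range(4):
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    return (v0 ^ v1 ^ v2 ^ v3) & MASK64


def shortid_keys(header80, nonce):
    """BIP152: k0, k1 are the first two little-endian 64-bit words of SHA256(header || nonce)."""
    h = hashlib.sha256(header80 + nonce.to_bytes(8, "little")).digest()
    return int.from_bytes(h[:8], "little"), int.from_bytes(h[8:16], "little")


def short_txid(k0, k1, wtxid32):
    """BIP152: the low 6 bytes (48 bits) of SipHash-2-4 over the 32-byte wtxid."""
    return siphash24(k0, k1, wtxid32) & 0xFFFFFFFFFFFF


def demo_shortids():
    """Short IDs for a constructed header, nonce and three constructed wtxids."""
    header = bytes(range(80))            # constructed sample header bytes
    k0, k1 = shortid_keys(header, 0x1234)  # constructed nonce
    wtxids = [hashlib.sha256(b"tx%d" % i).digest() for i in range(3)]
    return [short_txid(k0, k1, w) for w in wtxids]


class CompactBlockReceiver:
    """Hypothetical per-peer in-flight state; not Bitcoin Core's data structures."""

    def __init__(self, clear_partial_on_fallback):
        self.clear_partial_on_fallback = clear_partial_on_fallback  # True models the fixed behaviour
        self.partial = {}  # block hash -> short IDs of a block still being reconstructed

    def on_cmpctblock(self, block_hash, shortids):
        self.partial[block_hash] = list(shortids)
        if len(set(shortids)) != len(shortids):
            # Short ID collision: reconstruction is impossible, request the full block.
            if self.clear_partial_on_fallback:
                del self.partial[block_hash]   # nothing is outstanding for this block any more
            return "getdata_full_block"
        return "getblocktxn"

    def on_blocktxn(self, block_hash, txs):
        if block_hash not in self.partial:
            return "ignored"  # no reconstruction in progress for this block
        shortids = self.partial.pop(block_hash)
        if len(set(shortids)) != len(shortids):
            # Reaching here with collided IDs is a broken invariant; modelled as a fatal assertion.
            raise RuntimeError("invariant violated: blocktxn for a collided partial block")
        return "reconstructed"


def simulate(fixed):
    """Attacker's sequence: colliding cmpctblock, then a blocktxn for the same block."""
    rx = CompactBlockReceiver(clear_partial_on_fallback=fixed)
    block_hash = b"\x11" * 32  # constructed block hash
    out = [rx.on_cmpctblock(block_hash, [0xABCDEF, 0xABCDEF])]
    try:
        out.append(rx.on_blocktxn(block_hash, []))
    except RuntimeError:
        out.append("crash")
    return out
```

Because the sender chooses the short IDs in a cmpctblock, a remote peer can produce a collision simply by listing the same ID twice; the receiver cannot verify the IDs until reconstruction, so the only defence is to treat the message as unusable, request the full block, and leave no partial state behind for a later blocktxn to act on. Running `simulate(False)` shows the collided partial block surviving the fallback and the follow-up blocktxn reaching the invariant check; `simulate(True)` shows the follow-up message being ignored.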
Filed under: News - @ October 13, 2024 6:15 pm