PT-2018-4890 · Bitcoin +1 · Bitcoin Knots +2
Achow101 +1 · Published 2017-09-17 · Updated 2020-03-18 · CVE-2016-10724
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Bitcoin Core versions prior to 0.13.0
Bitcoin Knots versions prior to 0.13.0.knots20160814
Description
The issue allows denial of service through memory exhaustion, triggered via the remote network alert system. This system has been deprecated since Q1 2016. Because of an infinitely sized map, an attacker can exploit this by signing a message with a certain private key that had become known to unintended actors. This affects not only Bitcoin Core but also other uses of the codebase, including Bitcoin Knots and many altcoins.
Recommendations
For Bitcoin Core versions prior to 0.13.0, update to version 0.13.0 or later.
For Bitcoin Knots versions prior to 0.13.0.knots20160814, update to version 0.13.0.knots20160814 or later.
Exploit · Fix · DoS · Resource Exhaustion
Affected Products
Alt Linux
Bitcoin Core
Bitcoin Knots