Bitcoin · Bitcoin Core · CVE-2023-50428
**Name of the Vulnerable Software and Affected Versions**
Bitcoin Core versions prior to 26.1
Bitcoin Knots versions prior to 25.1.knots20231115
**Description**
Datacarrier size limits can be bypassed by obfuscating data as code, such as by using `OP FALSE OP IF`. This issue was exploited in the wild by Inscriptions during 2022 and 2023. The `datacarriersize` setting was designed to limit `OP RETURN` script sizes but did not restrict witness data or other methods of encoding data.
**Recommendations**
Update Bitcoin Core to version 26.1 or later.
Update Bitcoin Knots to version 25.1.knots20231115 or later.