PT-2023-24276 · Unknown+1 · Bitcoin Core+1

Kev · Published 2023-05-22 · Updated 2024-11-14 · CVE-2023-33297

CVSS v3.1 · 7.5 · High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Bitcoin Core versions prior to 24.1

Description

The issue allows attackers to cause a denial of service, specifically CPU consumption, because draining the inventory-to-send queue is inefficient. This was exploited in the wild in May 2023.

Recommendations

For Bitcoin Core versions prior to 24.1, update to version 24.1 or later to resolve the issue. As a temporary workaround, consider enabling debug mode to mitigate the risk of CPU consumption attacks. Restrict access to the inventory-to-send queue to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1884
ALT-PU-2024-15200
CVE-2023-33297

Affected Products

Alt Linux
Bitcoin Core