CVE-2023-50428

Name of the Vulnerable Software and Affected Versions Bitcoin Core versions prior to 26.1 Bitcoin Knots versions prior to 25.1.knots20231115

Description Datacarrier size limits can be bypassed by obfuscating data as code, such as by using OP FALSE OP IF. This issue was exploited in the wild by Inscriptions during 2022 and 2023. The datacarriersize setting was designed to limit OP RETURN script sizes but did not restrict witness data or other methods of encoding data.

Recommendations Update Bitcoin Core to version 26.1 or later. Update Bitcoin Knots to version 25.1.knots20231115 or later.