CVE-2024-35202

Name of the Vulnerable Software and Affected Versions Bitcoin Core versions prior to 25.0

Description A high-severity software bug in Bitcoin Core allows remote attackers to cause a denial of service by including transactions in a blocktxn message that are not committed to in a block's merkle root. This vulnerability affects over 13% of Bitcoin nodes worldwide, allowing attackers to remotely shut down nodes. The issue is related to the blocktxn message-handling logic, where an assertion can be triggered, leading to a node exit.

Recommendations To resolve the issue, update Bitcoin Core to version 25.0 or later. For nodes running versions prior to 25.0, upgrading to the latest version will mitigate the risk of remote shutdown attacks. As a temporary workaround, consider restricting access to the blocktxn message handling logic until a patch is applied.