PT-2024-35486 · Unknown · Bitcoin Core
Fanquake
+1
·
Published
2024-11-18
·
Updated
2024-11-18
·
CVE-2024-52918
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Bitcoin Core versions prior to 0.20.0
Description:
The issue allows remote attackers to cause a denial of service, resulting in memory consumption and application crash. This is achieved via a BIP21
r parameter for a URL that has a large file.Recommendations:
For versions prior to 0.20.0, update to version 0.20.0 or later to resolve the issue. As a temporary workaround, consider restricting access to URLs with large files to minimize the risk of exploitation. Avoid using the
r parameter in BIP21 URLs for large files until the issue is resolved.Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitcoin Core