PT-2024-35487 · Unknown · Bitcoin Core
Eugene Siegel · Published 2024-11-18 · Updated 2025-09-23 · CVE-2024-52919
| CVSS v3.1 | 6.5 Medium |
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Bitcoin Core versions prior to 22.0
Bitcoin Core versions 27.x
Description
The issue is caused by an integer overflow in CAddrMan's nIdCount via a flood of addr messages, leading to an assertion failure and daemon exit. This can be exploited to cause a remote crash.
Recommendations
For Bitcoin Core versions prior to 22.0, update to version 22.0 or later to resolve the issue.
For Bitcoin Core versions 27.x, update to version 28.x or 29.x to resolve the issue.
As a temporary workaround, consider restricting the handling of addr messages to minimize the risk of exploitation.
Fix
Integer Overflow
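The weakness class named above, shown as an added example that is not Bitcoin Core's code: a simplified id counter with an unchecked 32-bit increment beside a checked 64-bit one. All type and function names are hypothetical, and the "counter never goes negative" invariant is an assumption of this model.

```cpp
#include <cstdint>
#include <limits>

// Simplified model with hypothetical names; not Bitcoin Core's CAddrMan code.
// Every accepted address record takes the next value of a running id counter.
// Assumed invariant for this model: the counter never becomes negative.

// "Before": 32-bit counter, unchecked increment. The wrap is written in
// unsigned arithmetic because signed overflow is undefined behaviour in C++.
struct NarrowIdCounter {
    std::int32_t next;
    std::int32_t Allocate() {
        std::int32_t id = next;
        next = static_cast<std::int32_t>(static_cast<std::uint32_t>(next) + 1u);
        return id;
    }
    // What a daemon would assert(); false here stands for the abort.
    bool InvariantHolds() const { return next >= 0; }
};

// "After": 64-bit counter with an explicit exhaustion check, so the caller
// gets a recoverable error and can drop the record.
struct CheckedIdCounter {
    std::int64_t next;
    bool Allocate(std::int64_t& id) {
        if (next == std::numeric_limits<std::int64_t>::max()) return false;
        id = next++;
        return true;
    }
    bool InvariantHolds() const { return next >= 0; }
};

// Allocate n ids from `start` and report whether the invariant still holds.
bool NarrowSurvives(std::int32_t start, int n) {
    NarrowIdCounter c{start};
    for (int i = 0; i < n; ++i) c.Allocate();
    return c.InvariantHolds();
}
bool CheckedSurvives(std::int64_t start, int n) {
    CheckedIdCounter c{start};
    std::int64_t id = 0;
    for (int i = 0; i < n && c.Allocate(id); ++i) {}  // stop when exhausted
    return c.InvariantHolds();
}
int main() {  // constructed input: start three ids below the 32-bit maximum
    const std::int32_t start = std::numeric_limits<std::int32_t>::max() - 2;
    return (!NarrowSurvives(start, 3) && CheckedSurvives(start, 3)) ? 0 : 1;
}
```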
Affected Products
Bitcoin Core