PT-2026-37224 · Unknown · Bitcoin Core

Published: 2026-05-05 · Updated: 2026-05-27 · CVE-2024-52911

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bitcoin Core versions 0.14 through 28.x

Description

A high-severity memory safety issue exists in the script validation engine of the main node software. This use-after-free flaw (a type of memory corruption that occurs when a program continues to use a pointer after it has been freed) could allow an attacker with sufficient proof-of-work to remotely crash other nodes or potentially execute arbitrary code on them. Exploitation requires the use of specially crafted invalid blocks, making the attack costly in practice. It is estimated that approximately 43% of nodes worldwide remain affected.

Recommendations

Update Bitcoin Core to version 29.0.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-52911

Affected Products

Bitcoin Core