Bitcoin Core Vulnerability Allows Remote Denial of Service (DoS) Attacks via Chain Width Expansion
CVE-2019-25220
Currently unrated
What is CVE-2019-25220?
A denial of service vulnerability exists in Bitcoin Core prior to version 24.0.1: a remote attacker can crash the daemon. The software does not verify that a proposed header chain carries sufficient work before storing it, so an attacker can flood a node with low-difficulty header chains, a tactic referred to as the 'Chain Width Expansion' attack. Verifying work before accepting chains is crucial for maintaining the integrity and availability of Bitcoin Core.
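
The missing check, sketched in C++ as an added example (not Bitcoin Core's code): a per-peer gate sums the work claimed by each header's nBits and permits storage only once a minimum is reached. `HeaderGate`, `StoredWithCheck`, the threshold and the sample chains are constructed for illustration, and the sketch assumes each header's proof of work and difficulty were already validated.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Expected hashes needed to meet a compact "nBits" target: about 2^256 / (target + 1).
// Doubles stand in for 256-bit integers, which is precise enough for a threshold check.
double WorkFromBits(uint32_t bits) {
    const int exponent = static_cast<int>(bits >> 24);
    const uint32_t mantissa = bits & 0x007fffffu;
    if (bits & 0x00800000u) return 0.0;  // sign bit set: negative target is invalid
    const double target = std::floor(std::ldexp(static_cast<double>(mantissa), 8 * (exponent - 3)));
    if (target < 1.0 || target >= std::ldexp(1.0, 256)) return 0.0;  // zero or overflowing target
    return std::ldexp(1.0, 256) / (target + 1.0);
}

// Constant-size per-peer state: nothing is stored until the announced chain has
// shown at least min_chain_work (hypothetical threshold chosen by the node).
// Assumes each header's hash was already checked against its own target.
struct HeaderGate {
    double min_chain_work;
    double claimed_work;
    explicit HeaderGate(double min_work) : min_chain_work(min_work), claimed_work(0.0) {}
    bool Observe(uint32_t bits) {  // true once the chain may be stored
        claimed_work += WorkFromBits(bits);
        return claimed_work >= min_chain_work;
    }
};

// Headers held in memory after a peer announces `chain` (one nBits value per header).
std::size_t StoredWithoutCheck(const std::vector<uint32_t>& chain) { return chain.size(); }

std::size_t StoredWithCheck(const std::vector<uint32_t>& chain, double min_work) {
    HeaderGate gate(min_work);
    for (uint32_t bits : chain) {
        if (gate.Observe(bits)) return chain.size();  // enough work: accept for storage
    }
    return 0;  // threshold never reached: discard, memory use stays constant
}

int main() {
    const double min_work = 1000 * WorkFromBits(0x1d00ffffu);  // constructed threshold
    const std::vector<uint32_t> flood(100000, 0x207fffffu);    // constructed low-difficulty chain
    const std::vector<uint32_t> honest(2000, 0x1d00ffffu);     // constructed chain above threshold
    std::printf("flood:  unchecked=%zu checked=%zu\n", StoredWithoutCheck(flood), StoredWithCheck(flood, min_work));
    std::printf("honest: checked=%zu\n", StoredWithCheck(honest, min_work));
    return 0;
}
```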