Bitcoin Core Vulnerability Allows Denial of Service Attacks
CVE-2023-33297

7.5 HIGH

Key Information:

Vendor: Bitcoin
CVE Published: 22 May 2023

What is CVE-2023-33297?

In Bitcoin Core versions prior to 24.1, a vulnerability exists that allows attackers to execute denial of service attacks under normal operational conditions. This flaw arises due to an inefficient method used for draining the inventory-to-send queue, which can lead to excessive CPU consumption and degrade the performance of the Bitcoin network. This issue was actively exploited in the wild as of May 2023, highlighting the urgency of upgrading to the latest version. Users of Bitcoin Core are strongly advised to upgrade to version 24.1 or later to mitigate this risk.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved