Tapscript Lacks Policy Size Limit Check in Bitcoin Core and Bitcoin Knots
CVE-2024-34149

Currently unrated

Key Information:

Vendor: Bitcoin Core
Vendor: CVE Published:; 30 April 2024

🔔 Create Bitcoin Core Vulnerability Alert

What is CVE-2024-34149?

In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).

References

https://github.com/bitcoin/bitcoin/pull/29769

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2024