Bitcoin Core before 22.0 vulnerable to integer overflow and assertion failure
CVE-2024-52919
Key Information:
- Vendor
Bitcoin Core
- Status
- Vendor
- CVE Published:
- 18 November 2024
Badges
What is CVE-2024-52919?
CVE-2024-52919 is a vulnerability found in Bitcoin Core, a widely used software for managing Bitcoin nodes and transactions. Specifically, it concerns an integer overflow issue related to the address management system (CAddrMan) in versions prior to 22.0. The vulnerability arises from a 32-bit counter (nIdCount) that increments with each new address entry. If an attacker can flood a node with addr messages causing it to insert more than 2^32 entries, the counter overflow occurs. This leads to an assertion failure, which effectively crashes the node, interrupting its normal functioning. The negative impact on organizations relying on Bitcoin Core includes potential downtime for their nodes and disruption of transaction processing, ultimately compromising operational effectiveness and user trust in the Bitcoin network.
Potential impact of CVE-2024-52919
-
Node Downtime: The primary impact is the crash of the node handling addr messages, which can lead to significant downtime. For organizations that depend on continuous node operation, this can result in lost transaction opportunities and reduced service availability.
-
Increased Attack Surface: The existence of this vulnerability creates an opportunity for potential attackers to exploit Bitcoin nodes, disrupting their operation and potentially causing wider network issues depending on the number of nodes affected.
-
Operational Disruption: Organizations utilizing Bitcoin Core may experience operational disruptions as they deal with the consequences of the crashes, including the need for system reboots or intervention, which can strain resources and lead to decreased productivity.
News Articles
National Institute of Standards and Technology (.gov)CVE-2024-52919NVD - CVE-2024-52919
Description Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr...
6 days ago
CVE-2024-52919 : Bitcoin Core before 22.0 vulnerable to integer overflow and assertion failure
Integer overflow in Bitcoin Core leading to daemon exit through addr message flood. Key vulnerability impacting the Bitcoin network.
6 days ago
bitcoincore.orgCVE-2024-52919CVE-2024-52919 - Remote crash due to addr message spam
CVE-2024-52919 - Remote crash due to addr message spam
2 weeks ago