Bitcoin Devs Finally Admitting to Major Mistakes in Core Software
Oct 11, 2024 at 12:52 am
Bug patched since May 2023, but Bitcoin Core does not auto-update
Bitcoin developers disclosed details of another high-severity software bug on Monday, revealing that over 13% of the home and business computers around the world that enforce Bitcoin’s rules are vulnerable to a remote shutdown.
The bug, named CVE-2024-35202, affects Bitcoin nodes running Core software prior to version 25.0. Nodes that have not updated to at least 25.0 allow an attacker to remotely exploit an assertion in the software logic that handles block transaction (‘blocktxn’) messages.
Specifically, the vulnerability stems from Core’s compact block protocol, which uses shortened transaction identifiers to reduce internet bandwidth use. An attacker can trigger a collision in these identifiers, causing the node to request a full block.
Although requesting a full, unabridged block is a safety precaution, software versions prior to 25.0 have a flaw in how they handle subsequent blocktxn messages. In short, an attacker can manipulate that handling logic to force the node into an invalid state, causing it to crash entirely.
The vulnerability was discovered and disclosed by Niklas Gögge, who also provided the patch implemented in Bitcoin Core v25.0. He patched this bug in Bitcoin Core pull request number 26898 and other developers had merged it into production by May 26, 2023.
According to self-declared values reported by internet-accessible nodes tracked by BitNodes.io, 13.7% of the 18,843 nodes operating the Bitcoin network are vulnerable to the attack. Developers encourage all node operators to update their software to patch this vulnerability. The latest version of Bitcoin Core software is 28.0.
Bitcoin Core developers have been disclosing details of high-severity bugs in older software versions as of late. Because Core software does not automatically update by default, those operating Bitcoin nodes must manually choose to download, verify, and update their software.
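For operators auditing their own nodes, the same self-declared version check can be run over an inventory of user-agent strings. The following is an added example, not code from Bitcoin Core or BitNodes: the hostnames and agents are constructed, and it assumes the BIP 14 `/Satoshi:x.y.z/` agent format. Because the string is self-reported, a result is a starting point for patching, not proof of what a node actually runs.

```python
import re

# BIP 14 user agent, e.g. "/Satoshi:24.0.1/" (optionally with a "(comment)").
_SATOSHI = re.compile(r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?")
FIXED = (25, 0, 0)  # first release carrying the fix, per the article


def core_version(user_agent):
    """Return (major, minor, patch) from a self-declared agent, or None."""
    m = _SATOSHI.search(user_agent or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def classify(user_agent):
    """'vulnerable' if prior to 25.0, 'patched' if not, 'unknown' if unparsable."""
    v = core_version(user_agent)
    if v is None:
        return "unknown"
    return "vulnerable" if v < FIXED else "patched"


def audit(inventory):
    """Map host -> status and compute the share of vulnerable nodes."""
    status = {host: classify(ua) for host, ua in inventory.items()}
    vulnerable = sorted(h for h, s in status.items() if s == "vulnerable")
    share = len(vulnerable) / len(status) if status else 0.0
    return status, vulnerable, share


# Constructed sample inventory (hostnames and agents are made up).
SAMPLE = {
    "node-a.example": "/Satoshi:24.0.1/",
    "node-b.example": "/Satoshi:25.0.0/",
    "node-c.example": "/Satoshi:0.21.1/",
    "node-d.example": "/Satoshi:28.0.0(ops-tag)/",
    "node-e.example": "/btcd:0.24.0/",   # not Core: cannot be judged here
    "node-f.example": "",                # agent missing from the inventory
}

if __name__ == "__main__":
    status, vulnerable, share = audit(SAMPLE)
    for host in sorted(status):
        print(f"{host:16} {status[host]}")
    print(f"vulnerable: {len(vulnerable)}/{len(status)} ({share:.1%})")
```

Nodes reported as "unknown" need a manual check, since a missing or non-Core agent string says nothing about whether the fix is present.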
This vulnerability has little financial benefit to an average attacker, as it requires sophisticated manipulation of the compact block protocol and does not allow for double-spending of bitcoin without coordinating a variety of other financial and social engineering schemes.
However, the vulnerability could be exploited by a corporate or governmental actor who wants to disrupt the operations of Bitcoin for financially-deferred reasons, such as promoting an altcoin or another cryptocurrency project.