Bitcoin: Denial of Service — GLSA 202408-12

A vulnerability has been discovered in Bitcoin, which can lead to a denial of service.

Affected packages

net-p2p/bitcoind on all architectures
Affected versions < 25.0
Unaffected versions >= 25.0

Background

Bitcoin Core consists of both "full-node" software for fully validating the blockchain as well as a bitcoin wallet.

Description

Please review the CVE identifier referenced below for details.

Impact

Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.

Workaround

There is no known workaround at this time.

Resolution

All Bitcoin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-p2p/bitcoind-25.0"
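
To confirm the result after upgrading, the following check classifies an installed package-version string against the boundary given above (affected < 25.0, unaffected >= 25.0). It is an added example, not part of the original advisory or of Gentoo's tooling; the function name and the sample strings are constructed, and it assumes the input has the form printed by `qlist -Iv net-p2p/bitcoind` from app-portage/portage-utils.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a net-p2p/bitcoind
# package-version string against GLSA 202408-12 (affected < 25.0).
# Assumed usage:  sh glsa-check-bitcoind.sh "$(qlist -Iv net-p2p/bitcoind)"
# Prints affected | unaffected | unknown; returns 1 | 0 | 2.

glsa_202408_12_status() {
    pv=${1#net-p2p/bitcoind-}   # drop the category/package prefix
    pv=${pv%-r[0-9]*}           # drop an ebuild revision such as -r1

    # Pre-release suffixes sort below the plain version in Gentoo ordering.
    case $pv in
        *_alpha*|*_beta*|*_pre*|*_rc*) pre=1 ;;
        *) pre=0 ;;
    esac

    num=${pv%%_*}               # numeric part, e.g. 24.0.1
    case $num in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 2 ;;
    esac

    major=${num%%.*}
    if [ "$major" -lt 25 ]; then echo affected; return 1; fi
    if [ "$major" -gt 25 ]; then echo unaffected; return 0; fi

    # major == 25: a bare "25" and any pre-release of exactly 25.0
    # both sort below 25.0, so they are still affected.
    if [ "$num" = 25 ] || { [ "$num" = 25.0 ] && [ "$pre" -eq 1 ]; }; then
        echo affected; return 1
    fi
    echo unaffected
}

# Run as a script only when an argument is supplied.
if [ "$#" -gt 0 ]; then
    glsa_202408_12_status "$1"
fi
```

An empty argument (package not installed) or a string for a different package yields `unknown` rather than a false "unaffected".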
 

References

Release date
August 07, 2024

Latest revision
August 07, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries