@ Eenentwintig Nieuwsfeed
2025-04-30 15:00:45
CVE-2024-52919 - Remote crash due to addr message spam (part 2)
Disclosure of the details of an integer overflow bug which causes a crash if a node is getting spammed addr messages continuously for a very long time (years). A fix was released on April 14th 2025 in Bitcoin Core v29.0.

This issue is considered Low severity.
Details
The address manager in Bitcoin Core uses a 32-bit identifier for each entry, incremented on every insertion. An earlier security advisory explained how this enabled an attacker to remotely trigger an assertion failure by spamming a node with addr messages until the 32-bit identifier overflowed.

This was partially addressed in Bitcoin Core v22.0 by rate-limiting insertions in the address manager to 1 address per peer every 10 seconds. This made the attack a lot more expensive, if not impractical: even with 1000 peers continuously attacking, it would still take more than a year to get the 32-bit identifier to overflow.

The remaining, more expensive attack vector was addressed in Bitcoin Core version 29.0 by making the identifier 64-bit.
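The following C++ is an added, self-contained model of the three pieces the advisory describes, written for this post and not taken from Bitcoin Core: a monotonically increasing entry identifier whose range can be exhausted (32-bit before v29.0, 64-bit after), the per-peer insertion rate limit introduced in v22.0 (modelled here as a one-token bucket refilling at 1 token per 10 seconds), and a calculation of how long the identifier space lasts under the advisory's figures. All class and function names (`IdCounter`, `InsertRateLimiter`, `SecondsToExhaust`) are hypothetical; the model returns an empty optional where the pre-29.0 node hit an assertion.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <map>
#include <optional>

// Hypothetical per-entry identifier counter. Instead of asserting when the
// type's range is used up (which is what crashed the node), it reports
// exhaustion to the caller via std::nullopt.
template <typename IdT>
class IdCounter {
public:
    explicit IdCounter(IdT start = 0) : next_id_(start) {}
    std::optional<IdT> Next() {
        if (next_id_ == std::numeric_limits<IdT>::max()) return std::nullopt;
        return next_id_++;
    }
private:
    IdT next_id_;
};

// Hypothetical per-peer token bucket modelling "1 address per peer every
// 10 seconds": each peer holds at most one token, refilled at 1/interval_s
// tokens per second. A new peer starts with a full bucket.
class InsertRateLimiter {
public:
    explicit InsertRateLimiter(double interval_s = 10.0) : rate_(1.0 / interval_s) {}
    // Returns true if `peer` may insert an address into the manager at time now_s.
    bool Allow(int peer, double now_s) {
        Bucket& b = buckets_[peer];
        if (!b.seen) { b.seen = true; b.tokens = 1.0; b.last_s = now_s; }
        b.tokens = std::min(1.0, b.tokens + (now_s - b.last_s) * rate_);
        b.last_s = now_s;
        if (b.tokens < 1.0) return false;
        b.tokens -= 1.0;
        return true;
    }
private:
    struct Bucket { bool seen = false; double tokens = 0.0; double last_s = 0.0; };
    double rate_;
    std::map<int, Bucket> buckets_;
};

// Seconds until `peers` peers, each allowed `per_peer_per_s` insertions per
// second, have consumed all 2^bits identifiers.
double SecondsToExhaust(int bits, double peers, double per_peer_per_s) {
    const double ids = std::ldexp(1.0, bits);  // 2^bits
    return ids / (peers * per_peer_per_s);
}

int main() {
    // Constructed scenario from the advisory: 1000 attacking peers, one
    // insertion each per 10 seconds.
    const double kSecondsPerYear = 365.25 * 86400.0;
    std::printf("32-bit id space lasts %.1f days\n",
                SecondsToExhaust(32, 1000, 0.1) / 86400.0);
    std::printf("64-bit id space lasts %.2e years\n",
                SecondsToExhaust(64, 1000, 0.1) / kSecondsPerYear);

    InsertRateLimiter limiter;
    std::printf("peer 7 at t=0s: %s\n", limiter.Allow(7, 0.0) ? "allowed" : "dropped");
    std::printf("peer 7 at t=5s: %s\n", limiter.Allow(7, 5.0) ? "allowed" : "dropped");
    std::printf("peer 7 at t=10s: %s\n", limiter.Allow(7, 10.0) ? "allowed" : "dropped");

    IdCounter<uint32_t> ids(std::numeric_limits<uint32_t>::max() - 1);
    std::printf("second-to-last id available: %d\n", ids.Next().has_value());
    std::printf("space exhausted: %d\n", !ids.Next().has_value());
    return 0;
}
```

With the advisory's numbers the model gives roughly 497 days for the 32-bit space and on the order of 10^9 years for the 64-bit space, which is why widening the identifier, rather than a tighter rate limit, closed the remaining vector.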
Attribution
Credit goes to Eugene Siegel for discovering and disclosing the vulnerability, and to Martin Zumsande for changing the identifier to 64-bit.
Timeline
2021-06-21 - Initial report sent to security@bitcoincore.org by Eugene Siegel
2021-07-19 - Rate limiting is merged in PR #22387
2021-09-13 - v22.0 is released with rate-limiting
2024-07-31 - Publication of the first security advisory
2024-09-20 - Change to 64-bit identifier is merged in PR #30568
2025-04-14 - Bitcoin Core v29.0 is released with the 64-bit identifier
2025-04-28 - Public Disclosure
https://bitcoincore.org/en/2025/04/28/disclose-cve-2024-52919/
#Eenentwintig #Nieuws #News #BitcoinNews