On May 5, Bitcoin Core disclosed a high-severity vulnerability affecting software versions 0.14.0 through 28. The scope spans approximately nine years of development.
According to the official notification, the fault is Allowed an attacker to mine blocks with sufficient proof of work It may be possible to force a third-party node to shut down or exploit a memory management error to do so.
According to Bitcoin Core, The vulnerability existed in the script interpreter responsible for validating transactions.. The organization notes that during validation of specially constructed invalid blocks, background processing threads may access data that has already been removed from memory. This is known as a “bug” in programming. Free after use (Use then Release) – This causes the affected node to collapse.
Bitcoin Core is the reference software that implements the Bitcoin network protocol. This software is vulnerable because its development is maintained by a group of open source contributors and represents the technical foundation on which most of the full nodes of the network operate. Directly affects stability and integrity About Bitcoin infrastructure.
Cory Fields, a researcher at the Massachusetts Institute of Technology Digital Currency Initiative, said: The judgment was reported privately on November 2, 2024.. According to a timeline published by Bitcoin Core, developer Pieter Wuille quietly included the fix. pull request It already opened a few days later, without making its purpose publicly known. A fixed version, Bitcoin Core 29.0, was released on April 12, 2025. For some, the fix was done “under the hood.”
Correction and disclosure
Bitcoin Core has indicated that its rollout has been delayed until the last vulnerable version (branch 28.x) reaches official end of life (ends on April 19, 2026). Also known as responsible disclosureWe strive to allow users sufficient time to update before the technical details of an issue are made public.
Although the nature of the error theoretically allows remote code execution on the affected nodes,This scenario is unlikely due to limitations inherent in block formats.. According to Bitcoin Core, the most likely impact is the forced closure of nodes.
Bitcoin Core highlights that node operators who migrated to version 29.0 or later at the time of release: Not released during the public release period. The organization has not reported any evidence that the vulnerability was exploited prior to the fix.
