Key Highlights
- Bitcoin Core reveals CVE-2024-52911, a high-severity vulnerability.
- The bug could allow remote attackers to crash nodes via specially crafted invalid blocks.
- It affects versions between 0.14.0 and 28.x, fixed in version 29.0.
The Bitcoin Core development team has publicly revealed CVE-2024-52911, a high-severity use-after-free vulnerability in the script interpreter that could permit a remote attacker to crash Bitcoin nodes by mining a specially crafted invalid block.
According to the official release, the vulnerability affected Bitcoin Core versions after 0.14.0 and before 29.0. During block validation, the software pre-calculates and caches transaction data needed for script verification.
In some cases, including invalid blocks, this cached data could be destroyed while still being accessed by background validation threads, resulting in access to freed memory. An attacker with enough proof-of-work to mine a block at the chain tip could set off the crash on vulnerable nodes.
The Bitcoin Core team classified the issue as high severity due to its potential impact on network stability and node availability.
Technical analysis
The problem stems from the lifetime management of PrecomputedTransactionData objects during parallel script verification. These verifications are performed using CScriptCheck functors that contain pointers to the precomputed data.
CCheckQueueControl is an RAII class, and its instance is created before the vectors of precomputed data. C++ destroys local variables in the reverse order of their creation, so the precomputed data can be destroyed before CCheckQueueControl has waited for the background threads to finish their work, particularly when the function returns early because the block is invalid.
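The destruction-order problem described above, as an added C++ example that is not Bitcoin Core code: `TxData` and `QueueControl` are hypothetical stand-ins for PrecomputedTransactionData and CCheckQueueControl. It uses an external flag instead of touching freed memory, and the second function shows a generic lifetime-safe declaration order, not the change made in the actual fix.

```cpp
#include <atomic>
#include <thread>

// Stand-in for PrecomputedTransactionData. The flag lives outside the
// object, so the demo never reads freed memory.
struct TxData {
    std::atomic<bool>& alive;
    explicit TxData(std::atomic<bool>& a) : alive(a) { alive = true; }
    ~TxData() { alive = false; }
};

// Stand-in for CCheckQueueControl: the destructor waits for the worker.
struct QueueControl {
    std::atomic<bool> waiting{false};
    std::thread worker;
    ~QueueControl() { waiting = true; if (worker.joinable()) worker.join(); }
};

// One check still pending at scope exit; records whether its data was valid.
static void start_check(QueueControl& c, std::atomic<bool>& alive, bool& ok) {
    c.worker = std::thread([&c, &alive, &ok] {
        while (!c.waiting) std::this_thread::yield();
        ok = alive.load();
    });
}

// Order described in the article: control first, data second.
bool control_declared_first() {
    std::atomic<bool> alive{false};
    bool ok = false;
    {
        QueueControl control;
        TxData txdata(alive);
        start_check(control, alive, ok);
    }   // early exit: txdata is destroyed, then control waits
    return ok;
}

// Data first: control's wait finishes while txdata still exists.
bool data_declared_first() {
    std::atomic<bool> alive{false};
    bool ok = false;
    {
        TxData txdata(alive);
        QueueControl control;
        start_check(control, alive, ok);
    }
    return ok;
}
```

`control_declared_first()` returns false because the pending check runs after its data has been destroyed; `data_declared_first()` returns true.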
Identification of vulnerability
MIT DCI’s Cory Fields identified the vulnerability and privately disclosed it on November 2, 2024, with a proof-of-concept. Pieter Wuille executed a covert fix in Pull Request #31112, which eliminated problematic early returns.
The pull request was merged on December 3, 2024, and the complete fix shipped with Bitcoin Core 29.0 in April 2025. The final vulnerable 28.x series attained end of life on April 19, 2026, making way for public disclosure.
New lead maintainer added
Separately, earlier this year, the Bitcoin Core software developers added a new lead maintainer, TheCharlatan, who has been granted the ability to perform commits and use trusted keys.
This is the first new lead maintainer in three years, taking the total number of key holders to six, consisting of Marco Falke, Gloria Zhao, Ryan Ofsky, Hennadii Stepanov, Ava Chow, and TheCharlatan. The move, voted for by more than 20 community members with no dissenting votes, seeks to enhance security and management of the master branch.
Difficulty in keeping codebase secure
This incident highlights the challenges of maintaining a secure codebase that must reach consensus and be updated efficiently without introducing errors, while being run by thousands of nodes.
It also underscores the importance of timely updates within the Bitcoin network. Bitcoin Core developers continue to stress the need for node operators to stay up to date with software releases. The disclosure further reflects the project’s approach to security: identifying and fixing issues before releasing details, allowing the network time to upgrade.
