CVE-2024-52911
Awaiting Analysis Awaiting Analysis - Queue
Bitcoin Core Denial of Service Vulnerability

Publication date: 2026-05-05

Last updated on: 2026-05-06

Assigner: MITRE

Description
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2024-52911
EUVD
EUVD-2024-55566
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
bitcoin_core bitcoin_core From 0.14 (inc) to 28.x (inc)
bitcoin core From 0.14 (inc) to 29.0 (exc)
bitcoin core to 28.0 (inc)
bitcoin core 29
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.

Executive Summary

CVE-2024-52911 is a high-severity vulnerability in Bitcoin Core versions after 0.14.0 and before 29.0. It involves a use-after-free bug in the script interpreter where validating a specially crafted block could cause a node to access memory that had already been freed.

This happens because precomputed transaction data, which is cached during validation, can be destroyed while still being accessed by a background validation thread if the block is invalid.

An attacker could exploit this by mining a block with sufficient proof-of-work to crash victim nodes.

While remote code execution is theoretically possible, the constraints on input data make it unlikely.

The vulnerability was discovered by Cory Fields and fixed in Bitcoin Core 29.0 by removing early returns in the validation process to prevent premature destruction of the precomputed data.

Impact Analysis

This vulnerability can be exploited by an attacker to remotely crash Bitcoin Core nodes by sending a specially crafted block.

A successful exploit would cause denial of service by making the node access freed memory, potentially disrupting node operations.

Although remote code execution is theoretically possible, it is considered unlikely due to input constraints.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Bitcoin Core to version 29.0 or later, as the fix was implemented in that release.

The vulnerability affects versions after 0.14.0 and before 29.0, with the last vulnerable version 28.x reaching end-of-life in April 2026.

The fix involved removing early returns in the validation process to prevent premature destruction of precomputed transaction data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-52911. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart