CVE-2024-35202

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35202
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35202.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-35202
Published
2024-10-10T13:15:14.077Z
Modified
2025-11-15T19:08:18.917351Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.

References

Affected packages

Git / github.com/bitcoin/bitcoin

Affected ranges

Type
GIT
Repo
https://github.com/bitcoin/bitcoin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8105bce5b384c72cf08b25b7c5343622754e7337

Affected versions

Other

noversion

v0.*

v0.1.5
v0.1.6test1
v0.2.0
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.2
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.2rc2
v0.3.0
v0.3.1
v0.3.10
v0.3.11_notexact
v0.3.12
v0.3.13
v0.3.14
v0.3.15
v0.3.17
v0.3.18
v0.3.19
v0.3.1rc1
v0.3.2
v0.3.20
v0.3.20.01_closest
v0.3.20.2_closest
v0.3.21
v0.3.21rc
v0.3.22
v0.3.22rc1
v0.3.22rc2
v0.3.22rc3
v0.3.22rc4
v0.3.22rc5
v0.3.22rc6
v0.3.23
v0.3.23rc1
v0.3.24
v0.3.24rc1
v0.3.24rc2
v0.3.24rc3
v0.3.3
v0.3.6
v0.3.7
v0.3.8
v0.3rc1
v0.3rc2
v0.3rc4
v0.4.0
v0.4.00rc1
v0.4.00rc2
v0.5.0
v0.5.0rc1
v0.5.0rc2
v0.5.0rc3
v0.5.0rc4
v0.5.0rc5
v0.5.0rc6
v0.5.0rc7
v0.5.1
v0.5.1rc1
v0.5.1rc2
v0.6.0
v0.6.0rc1
v0.6.0rc2
v0.6.0rc3
v0.6.0rc4
v0.6.0rc5
v0.6.0rc6
v0.6.1
v0.6.1rc1
v0.6.1rc2
v0.7.0
v0.7.0rc1
v0.7.0rc2
v0.7.0rc3
v0.7.1
v0.7.1rc1
v0.8.0
v0.8.0rc1
v0.8.2
v0.8.2rc1
v0.8.2rc2
v0.8.2rc3
v0.9.0rc1
v0.9.0rc2

v21.*

v21.99-guixtest1

v25.*

v25.0rc1
v25.0rc2