According to BlockBeats, on September 20, Protos reported that Bitcoin Core developers issued a new high-risk warning, saying that one in six Bitcoin nodes has a software vulnerability. On Thursday, staff of the open source Bitcoin Core project, which is responsible for maintaining software running on more than 98% of reachable full nodes, disclosed that there are major security issues with the software running on 17% of the network's nodes. Specifically, all software below Bitcoin Core version 24.0.1 is at risk. According to Bitnodes' monitoring estimates, this denial of service vulnerability affects approximately 3,330 of the 19,200 self-proclaimed user agents of accessible Bitcoin full nodes.
In Bitcoin Core software prior to version 24.0.1, malicious actors could spam nodes with low-difficulty header chains. By forcing nodes to download and store extremely long header chains, the attack could crash nodes by consuming too much bandwidth or device storage. Developers fixed this vulnerability in Bitcoin Core pull request (PR) number 25717 and merged it into production with the release of v24.0.1 on December 12, 2022. The current Bitcoin Core node software version (now 27.1) contains fixes for this and other vulnerabilities.
While this vulnerability is fairly severe, there are few known exploits publicly documented, and since the cost of generating and broadcasting a block header chain to perform a denial of service attack is quite high, this vulnerability offers little financial benefit to an attacker.