According to Odaily, Bitcoin developers have disclosed details of a significant software vulnerability. Senior Core developers reported that over 13% of the household and commercial computers enforcing Bitcoin's rules are susceptible to remote shutdown attacks. The vulnerability, identified as CVE-2024-35202, affects Bitcoin nodes running Core software versions prior to 25.0. On nodes that have not been updated to at least version 25.0, attackers can remotely trigger an assertion in the software logic that handles 'blocktxn' messages. Notably, this vulnerability offers minimal economic benefit to ordinary attackers.

The issue originates in Bitcoin Core's compact block protocol, which uses shortened transaction identifiers to reduce internet bandwidth usage. Attackers can trigger conflicts (collisions) between these identifiers, causing nodes to request a full block. While requesting a complete, unabridged block is a safety precaution, software versions before 25.0 have a flaw in the logic handling subsequent blocktxn messages. In essence, attackers can manipulate this logic to force nodes into an invalid state, leading to a complete crash of the node.

Niklas Gögge discovered and disclosed the vulnerability, providing a patch deployed in Bitcoin Core v25.0. He addressed the issue in Bitcoin Core's pull request number 26898, and other developers merged it into production by May 26, 2023. According to BitNodes.io, 13.7% of the 18,843 nodes running the Bitcoin network are vulnerable to this attack. Developers urge all node operators to update their software to fix this vulnerability. The latest version of Bitcoin Core software is 28.0.
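
For operators auditing a fleet, the following added example (not code from Bitcoin Core or from the article) classifies nodes against the 25.0 fix threshold stated above, using user-agent strings of the kind Bitcoin Core reports in the `subversion` field of `bitcoin-cli getnetworkinfo`. The hostnames and user agents in the sample inventory are constructed, and treating any agent that carries a `Satoshi` token by that version number is an assumption.

```python
import re

# First Bitcoin Core release containing the fix, per the article.
FIXED = (25, 0)

# Matches the Core token in a user-agent string, e.g. "/Satoshi:24.0.1/".
_SATOSHI = re.compile(r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?")


def classify(user_agent):
    """Return 'vulnerable', 'patched' or 'unknown' for one user-agent string."""
    m = _SATOSHI.search(user_agent or "")
    if not m:
        # Not Bitcoin Core, or unparseable: the article gives no basis to judge.
        return "unknown"
    # Assumption: derivatives that report a Satoshi token track that Core version.
    major, minor = int(m.group(1)), int(m.group(2))
    return "vulnerable" if (major, minor) < FIXED else "patched"


def audit(inventory):
    """inventory maps host -> user agent. Returns (report, vulnerable_share).

    The share is computed over nodes with a parseable Core version only.
    """
    report = {host: classify(ua) for host, ua in inventory.items()}
    known = [status for status in report.values() if status != "unknown"]
    share = known.count("vulnerable") / len(known) if known else 0.0
    return report, share


# Constructed sample inventory (hostnames and agents are made up).
SAMPLE = {
    "node-a": "/Satoshi:24.0.1/",
    "node-b": "/Satoshi:25.0.0/",
    "node-c": "/Satoshi:0.21.1/",            # old 0.x numbering, still < 25.0
    "node-d": "/Satoshi:28.0.0(ops-team)/",  # trailing comment field
    "node-e": "/btcwire:0.5.0/btcd:0.24.0/", # not Bitcoin Core
    "node-f": "",                            # agent not collected
}

if __name__ == "__main__":
    report, share = audit(SAMPLE)
    for host, status in sorted(report.items()):
        print(f"{host}: {status}")
    print(f"vulnerable share of Core nodes: {share:.0%}")
```

Nodes reported as `unknown` need a manual check rather than being counted as safe.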