According to ChainCatcher, Bitcoin Core developers have issued a high-risk warning, saying that one in six Bitcoin nodes has a software vulnerability. The software running on 17% of the network nodes has major security issues, and all software below Bitcoin Core version 24.0.1 is at risk.
According to Bitnodes monitoring estimates, the denial-of-service vulnerability affects approximately 3,330 of the 19,200 accessible Bitcoin full nodes, judging by the user agents they self-report. Malicious actors can spam nodes with low-difficulty header chains, causing them to crash.
The developers fixed this vulnerability in Bitcoin Core pull request 25717, which shipped with the release of version 24.0.1 on December 12, 2022. The current Bitcoin Core node software version is 27.1, which contains fixes for this and other vulnerabilities.
Although this vulnerability is fairly severe, few exploits have been publicly documented, and because generating and broadcasting a block header chain for a denial-of-service attack is quite costly, it offers an attacker little financial benefit.
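For operators who want to run the same kind of check against their own node inventory, the following added example (not code from Bitcoin Core or Bitnodes) labels self-reported user agents against the 24.0.1 threshold named above. It assumes the BIP 14 `/Satoshi:x.y.z/` user agent format that Bitcoin Core advertises; the function names and the sample list are constructed for illustration.

```python
import re
from collections import Counter

# First release that contains the fix, per the article (version 24.0.1).
FIXED = (24, 0, 1)

# BIP 14 user agent as advertised by Bitcoin Core, e.g. "/Satoshi:24.0.1/".
# Older releases used up to four numeric components (e.g. 0.9.2.1).
SATOSHI_UA = re.compile(r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?[^/]*/")


def parse_core_version(user_agent):
    """Return the Satoshi version as a tuple, or None if it is absent."""
    match = SATOSHI_UA.search(user_agent or "")
    if match is None:
        return None
    parts = [int(p) for p in match.groups() if p is not None]
    while len(parts) < 3:          # "24.0" -> (24, 0, 0)
        parts.append(0)
    return tuple(parts)


def classify(user_agent):
    """Label one self-reported user agent as at-risk, fixed or unknown."""
    version = parse_core_version(user_agent)
    if version is None:
        return "unknown"           # other implementation or malformed string
    return "at-risk" if version < FIXED else "fixed"


def summarize(user_agents):
    """Count labels over an inventory of user agent strings."""
    return Counter(classify(ua) for ua in user_agents)


# Constructed sample inventory, not real crawl data.
SAMPLE_AGENTS = [
    "/Satoshi:0.21.1/",
    "/Satoshi:22.0.0/",
    "/Satoshi:23.0.0/",
    "/Satoshi:24.0.1/",
    "/Satoshi:27.1.0/",
    "/btcwire:0.5.0/btcd:0.23.3/",
    "",
]

if __name__ == "__main__":
    for agent in SAMPLE_AGENTS:
        print(f"{classify(agent):8} {agent!r}")
    print(dict(summarize(SAMPLE_AGENTS)))
```

Because the user agent is self-reported, the result is an estimate of exposure, which is also why the Bitnodes figure is described as an estimate.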