The Bitcoin Development Podcast

Discussing Pre-0.21.0 Bitcoin Core Vulnerability Disclosures

July 11, 2024·51 min
Episode Description from the Publisher

Brink engineers Gloria Zhao and Niklas Gögge talk through the recently disclosed Bitcoin Core pre-0.21.0 vulnerabilities.

(0:00) - Introductions and motivation for disclosures
(3:17) - Absolute value of a signed integer leads to rejection of all blocks
(13:50) - Too many misbehaving peers leads to DoS
(21:17) - Nested loop without deduplication leads to stalling
(27:34) - Vulnerability in dependency leads to potential RCE
(34:17) - Large memory allocation in peer receiver buffer and send buffer
(35:41) - Payment request fetch causes mysterious crashing
(37:39) - Misordered logic permits download of blocks bypassing checkpoints
(42:21) - Lessons learned from these disclosures
