TechFlow reports that on May 6, according to Bitcoin Core’s official security advisory, high-severity vulnerabilities (CVE-2024-52911) exist in Bitcoin Core versions 0.14.0 through those prior to 29.0. Attackers may trigger a node to access freed memory—and thereby cause remote node crashes—by submitting specially crafted invalid blocks containing valid proof-of-work. Theoretically, this could enable remote code execution, although the likelihood is low.
This vulnerability was discovered and responsibly disclosed by Cory Fields, a researcher at MIT’s Digital Currency Initiative (DCI), in November 2024. The fix was merged in December 2024 and is fully implemented in Bitcoin Core version 29.0, released in April 2025. Users are advised to upgrade to version 29.0 or later as soon as possible.
