CVE-2024-52918
📋 TL;DR
This vulnerability in Bitcoin Core's Bitcoin-Qt client allows remote attackers to cause denial of service by exploiting the BIP21 URI scheme. Attackers can crash the application and consume excessive memory by providing a malicious 'r' parameter pointing to a large file. Users running vulnerable Bitcoin Core versions with Bitcoin-Qt enabled are affected.
💻 Affected Systems
- Bitcoin Core
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete application crash and memory exhaustion leading to service disruption, potential transaction failures, and system instability requiring manual restart.
Likely Case
Application crash when processing malicious BIP21 URIs, requiring user intervention to restart Bitcoin-Qt and potentially causing temporary loss of wallet functionality.
If Mitigated
Minimal impact with proper patching or workarounds; application remains stable even when processing malicious URIs.
🎯 Exploit Status
Exploitation requires user interaction (clicking malicious link) but is trivial to execute once the malicious URI is crafted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.20.0 and later
Vendor Advisory: https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/
Restart Required: Yes
Instructions:
1. Download Bitcoin Core 0.20.0 or later from bitcoincore.org.
2. Stop the Bitcoin-Qt application.
3. Install the new version.
4. Restart Bitcoin-Qt.
🔧 Temporary Workarounds
Disable BIP21 URI handling
Prevent Bitcoin-Qt from processing BIP21 URIs by disabling URI scheme handling in the operating system:
- For Linux: remove the bitcoin: protocol handler from the desktop configuration
- For Windows: remove the Bitcoin protocol association in the Registry
Use bitcoind instead of Bitcoin-Qt
Switch to the command-line daemon, which is not vulnerable to this issue:
- Stop Bitcoin-Qt
- Start the bitcoind daemon instead
🧯 If You Can't Patch
- Educate users to avoid clicking unknown Bitcoin payment links
- Implement network filtering to block malicious URIs at the perimeter
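Added example, not code from this page or from the Bitcoin Core project: a Python screen that a perimeter filter or a URI-handler wrapper could apply to bitcoin: URIs before they reach Bitcoin-Qt. It parses the BIP21 query string and rejects any 'r' payment-request URL whose host is not on an allowlist, so the client is never asked to fetch an untrusted (possibly huge) resource; the address and host names are constructed sample values.

```python
from urllib.parse import parse_qs, urlsplit


def parse_bip21(uri):
    """Split a BIP21 'bitcoin:<address>?k=v&...' URI into (address, params).

    Raises ValueError for anything that is not a bitcoin: URI.
    """
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "bitcoin":
        raise ValueError("not a bitcoin: URI")
    address, _, query = rest.partition("?")
    # Keep blank values so an empty 'r=' still shows up as present.
    params = parse_qs(query, keep_blank_values=True)
    return address, {key: values[0] for key, values in params.items()}


def screen_bip21(uri, allowed_hosts=frozenset()):
    """Return (allow, reason) for a URI about to be handed to a wallet client.

    Any 'r' parameter (payment-request URL) is rejected unless its host is on
    allowed_hosts, so an untrusted URL cannot make the client download an
    arbitrary resource.  Other BIP21 parameters pass through unchanged.
    """
    try:
        _address, params = parse_bip21(uri)
    except ValueError as exc:
        return False, str(exc)
    if "r" in params:
        host = (urlsplit(params["r"]).hostname or "").lower()
        if host not in allowed_hosts:
            return False, f"payment request host not allowed: {host or '<none>'}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample URIs; the address and hosts are placeholders.
    samples = [
        "bitcoin:bc1qexampleaddress?amount=0.01&label=Coffee",
        "bitcoin:bc1qexampleaddress?r=https://untrusted.example/huge.bin",
        "bitcoin:bc1qexampleaddress?r=https://pay.example/req/1",
    ]
    for sample in samples:
        print(sample, "->", screen_bip21(sample, frozenset({"pay.example"})))
```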
🔍 How to Verify
Check if Vulnerable:
Check Bitcoin Core version: Help → About Bitcoin Core in GUI or run 'bitcoin-qt --version'
Check Version:
bitcoin-qt --version
Verify Fix Applied:
Confirm the version is 0.20.0 or higher and test with a known malicious BIP21 URI (in a safe environment)
📡 Detection & Monitoring
Log Indicators:
- Application crash logs
- Memory exhaustion warnings
- BIP21 URI processing errors
Network Indicators:
- Unusually large file downloads triggered by Bitcoin URIs
- Multiple connection attempts to external resources
SIEM Query:
event_source="bitcoin-qt" AND (event_type="crash" OR memory_usage>threshold)