CVE-2024-52920

CVSS 7.5 HIGH

📋 TL;DR

Bitcoin Core versions before 0.20.0 contain a flaw in GETDATA request handling: a connected peer can send a crafted GETDATA message that sends the node's message-processing thread into an infinite loop, pinning a CPU core and stopping the node from processing further P2P messages until it is restarted. Any Bitcoin Core node running a vulnerable version is affected; the attacker needs nothing more than a P2P connection to the node, no RPC access or authentication.

💻 Affected Systems

Products:
  • Bitcoin Core
Versions: All versions before 0.20.0
Operating Systems: All platforms running Bitcoin Core
Default Config Vulnerable: ⚠️ Yes
Notes: Any connected peer, inbound or outbound, can send GETDATA, so the message can come from a peer the node connected to as well as from one that connected to it. Nodes that accept inbound connections are exposed to anyone who can reach the P2P port; outbound-only nodes and nodes behind restrictive firewalls are exposed only to the peers they select, which lowers the risk but does not remove it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service: Bitcoin Core stops processing P2P messages and must be restarted manually, delaying transaction relay and block synchronization while it is down. Because the trigger is deterministic, an attacker can re-trigger the loop after every restart until the node is upgraded.

🟠

Likely Case

One CPU core pinned at 100% by the message-handling thread; the node stops answering its other peers, falls behind the chain tip, and is eventually disconnected by them.

🟢

If Mitigated

Minimal impact if patched or if nodes are behind firewalls that block malicious peer connections.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a P2P connection to the node (default port 8333 on mainnet); no RPC access or authentication is involved. The flaw is in how the node processes GETDATA requests rather than in wire-format parsing, and any connected peer can trigger it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.20.0 and later

Vendor Advisory: https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/

Restart Required: Yes

Instructions:

1. Stop the Bitcoin Core service.
2. Back up wallet.dat (or the wallets directory) and bitcoin.conf.
3. Download a supported release from bitcoincore.org. 0.20.0 is the first fixed version but is itself end-of-life, so take the current release; verify the SHA256SUMS file and its signature before installing.
4. Install the new version.
5. Restart the Bitcoin Core service and confirm the new version with bitcoin-cli getnetworkinfo.

🔧 Temporary Workarounds

Firewall Restriction

linux

Block inbound connections to the Bitcoin Core P2P port except from peers you trust. The rules below allow one trusted peer (203.0.113.10 is a placeholder) and drop everything else; the allow rule must precede the drop rule in both tools. Outbound connections the node makes itself are unaffected, since their inbound packets do not target port 8333.

iptables -A INPUT -p tcp --dport 8333 -s 203.0.113.10 -j ACCEPT
iptables -A INPUT -p tcp --dport 8333 -j DROP
ufw allow from 203.0.113.10 to any port 8333 proto tcp
ufw deny 8333/tcp

Connection Limiting

all

Lower maxconnections so fewer peers can reach the node. Bitcoin Core fills its outbound slots (8 full-relay connections in these versions) before admitting inbound peers, so maxconnections=8 leaves no inbound slots at all; larger values still admit inbound peers and only shrink the pool. This reduces exposure but does not remove it: the peers the node itself connects to can still send GETDATA.

Add 'maxconnections=8' to bitcoin.conf
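A more direct way to stop accepting inbound peers, as an added bitcoin.conf example rather than text from the vendor advisory: listen=0 turns off the listening socket while the node keeps making outbound connections, and connect= goes further by restricting outbound connections to nodes you operate (the addresses are placeholders). Neither setting fixes the bug; a malicious peer in the connect= list, or any outbound peer when only listen=0 is used, can still send the crafted GETDATA.

```ini
# bitcoin.conf fragment (added example, not from the advisory)

# Do not accept inbound P2P connections; outbound connections continue as normal.
listen=0

# Stricter: connect only to these peers (placeholder addresses). connect= disables
# automatic peer discovery, so list every peer the node should talk to.
connect=203.0.113.10:8333
connect=203.0.113.11:8333
```

Restart bitcoind after editing the file and confirm with bitcoin-cli getpeerinfo that only the expected peers appear.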

🧯 If You Can't Patch

  • Restrict inbound connections with firewall rules to peers you trust, and keep outbound connections to nodes you trust as well, since any connected peer can send the message
  • Monitor CPU per thread rather than per process: a bitcoind thread named b-msghand stuck at 100% while peer traffic stalls is the signature of the loop. The node does not recover on its own, so restart it automatically (systemd watchdog or a cron check) when this is detected

🔍 How to Verify

Check if Vulnerable:

Run bitcoin-cli getnetworkinfo and read the numeric version field: Bitcoin Core reports 0.19.1 as 190100 and 0.20.0 as 200000, so any value below 200000 is vulnerable. The subversion line (for example /Satoshi:0.19.1/) also matches a grep for "version"; compare the numeric field, not the string.

Check Version:

bitcoin-cli getnetworkinfo | grep version

Verify Fix Applied:

Confirm that version reports 200000 or higher, check that the running bitcoind binary is the one you installed (not a stale copy on another path), and keep watching per-thread CPU: a recurring pinned b-msghand thread after the upgrade means an unpatched build is still running somewhere.
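The version check above can be scripted so it compares the integer field instead of grepping for "version". The following is an added example written for this page, not code from the Bitcoin Core project; it assumes bitcoin-cli is on PATH with working RPC credentials, and the two sample responses are constructed, not captured from real nodes.

```python
"""Decide from `bitcoin-cli getnetworkinfo` whether a node predates the 0.20.0 fix."""
import json
import subprocess

# getnetworkinfo reports the client version as an integer: 0.19.1 -> 190100, 0.20.0 -> 200000.
# Later major releases (22.0 -> 220000, 27.0 -> 270000) stay above this value.
FIRST_FIXED_VERSION = 200000


def is_vulnerable(networkinfo):
    """True if the numeric "version" field is below the first fixed release.

    The integer field is compared rather than the "subversion" user-agent string,
    which also contains the word "version" and can carry -uacomment additions.
    """
    return int(networkinfo["version"]) < FIRST_FIXED_VERSION


def verdict(networkinfo):
    """Human-readable result for one getnetworkinfo response."""
    return "VULNERABLE (upgrade)" if is_vulnerable(networkinfo) else "patched"


def query_node(cli=("bitcoin-cli",)):
    """Run bitcoin-cli getnetworkinfo and parse its JSON.

    Assumes bitcoin-cli is on PATH and can reach the node's RPC (cookie file or
    rpcuser/rpcpassword in bitcoin.conf). Extra flags such as -datadir=... can be
    passed by extending the cli tuple, e.g. ("bitcoin-cli", "-datadir=/srv/btc").
    """
    proc = subprocess.run([*cli, "getnetworkinfo"], check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


# Constructed sample responses (not captured from real nodes), shaped like getnetworkinfo output.
SAMPLE_OLD = json.loads('{"version": 190100, "subversion": "/Satoshi:0.19.1/", "protocolversion": 70015}')
SAMPLE_NEW = json.loads('{"version": 270000, "subversion": "/Satoshi:27.0.0/", "protocolversion": 70016}')


if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW):
        print(sample["subversion"], verdict(sample))
    try:
        info = query_node()
        print("local node", info["subversion"], verdict(info))
    except (FileNotFoundError, subprocess.CalledProcessError) as err:
        print("could not query local node:", err)
```

Run it on the node host; the two constructed samples print first so the decision logic can be seen even where no node is reachable.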

📡 Detection & Monitoring

Log Indicators:

  • Bitcoin Core writes to debug.log in the data directory, and it records individual P2P messages only when started with -debug=net; those lines look like `received: getdata (37 bytes) peer=3` (message names are lowercase, and 37 bytes is a GETDATA carrying one inventory entry)
  • A bitcoind thread named b-msghand at 100% CPU while no new `received:` lines are logged, which is the loop itself rather than its trigger
  • Ping-timeout disconnects of other peers after the node stops answering them

Network Indicators:

  • A GETDATA arriving from a freshly connected peer right after the version handshake, followed by the node going silent on all connections
  • Repeated reconnects from the same source that each end with the node stalling

Bitcoin Core does not log this case as "malformed", so a query keyed on that word finds nothing. With net logging enabled, a query such as the following collects the trigger candidates, which are then aggregated per peer:

SIEM Query:

source="debug.log" AND "received: getdata"
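The aggregation step can be done offline over a debug.log written with -debug=net. The following is an added example written for this page, not Bitcoin Core code or a detection shipped with the project; it assumes the default debug.log timestamp format and uses a constructed sample log (not captured from a real node) in which one peer bursts GETDATA requests. The window and threshold are tuning assumptions, not values from the advisory. A node that is already stuck logs nothing further, so this finds the peer that sent the trigger; the per-thread CPU check above catches the spin itself.

```python
"""Flag peers that burst GETDATA requests, from Bitcoin Core's debug.log (needs -debug=net)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Bitcoin Core logs every received P2P message at net-debug level as, e.g.:
#   2024-07-03T10:00:01Z received: getdata (37 bytes) peer=3
# Message names are lowercase; with -logtimemicros the timestamp carries fractional seconds.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z received: "
    r"(?P<cmd>[a-z]+) \((?P<size>\d+) bytes\) peer=(?P<peer>\d+)"
)


def parse_line(line):
    """Return (timestamp, command, size, peer_id) for a received-message line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return ts, m["cmd"], int(m["size"]), int(m["peer"])


def flag_getdata_bursts(lines, window_s=10, threshold=50):
    """Sliding-window count of getdata messages per peer.

    Returns {peer_id: peak count within any window_s-second window} for peers whose
    peak reaches threshold. A node serving blocks to a syncing peer legitimately
    sees many getdata messages, so tune window_s and threshold against a baseline.
    """
    per_peer = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec[1] == "getdata":
            per_peer[rec[3]].append(rec[0])
    flagged = {}
    for peer, stamps in per_peer.items():
        stamps.sort()
        peak, start = 0, 0
        for i, t in enumerate(stamps):
            # advance the window start until it is within window_s of the current stamp
            while (t - stamps[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, i - start + 1)
        if peak >= threshold:
            flagged[peer] = peak
    return flagged


# Constructed sample log, not captured from a real node: peer 3 sends 60 GETDATA
# within five seconds; peer 7 behaves normally; the last line is unrelated noise.
SAMPLE_LOG = [f"2024-07-03T10:00:{i % 5:02d}Z received: getdata (37 bytes) peer=3" for i in range(60)] + [
    "2024-07-03T10:00:01Z received: getheaders (1029 bytes) peer=7",
    "2024-07-03T10:00:02Z received: getdata (37 bytes) peer=7",
    "2024-07-03T10:05:30Z received: getdata (73 bytes) peer=7",
    "2024-07-03T10:06:00Z received: inv (37 bytes) peer=7",
    "2024-07-03T10:06:01Z Flushed fee estimates to fee_estimates.dat.",
]

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    print(flag_getdata_bursts(lines))
```

Point it at a real log with `python3 flag_getdata.py /path/to/debug.log`; peer ids map back to addresses through `bitcoin-cli getpeerinfo` while the peer is still connected, or through the `receive version message` lines in the same log.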
