Upstream information

CVE-2024-35202 at MITRE

Description

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
CVSS detail CNA (CISA-ADP)
Base Score 7.5
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1231507 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 16.0
  • bitcoin-qt5 >= 27.1-bp160.2.1
  • bitcoin-test >= 27.1-bp160.2.1
  • bitcoin-utils >= 27.1-bp160.2.1
  • bitcoind >= 27.1-bp160.2.1
  • libbitcoinconsensus-devel >= 27.1-bp160.2.1
  • libbitcoinconsensus0 >= 27.1-bp160.2.1
Patchnames:
openSUSE-Leap-16.0-packagehub-344
openSUSE Tumbleweed
  • bitcoin-qt6 >= 31.0-2.1
  • bitcoin-test >= 31.0-2.1
  • bitcoin-utils >= 31.0-2.1
  • bitcoind >= 31.0-2.1
Patchnames:
openSUSE-Tumbleweed-2026-11073


SUSE Timeline for this CVE

CVE page created: Thu Oct 10 16:01:51 2024
CVE page last modified: Fri Jul 3 13:19:37 2026