From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Fri, 24 Oct 2025 09:26:43 -0700
Received: from mail-oi1-f192.google.com ([209.85.167.192])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBDL4XL646QOBBOGR53DQMGQERQP53QA@googlegroups.com>)
	id 1vCKcl-0001tT-63
	for bitcoindev@gnusha.org; Fri, 24 Oct 2025 09:26:43 -0700
Received: by mail-oi1-f192.google.com with SMTP id 5614622812f47-44d9785f530sf276448b6e.3
        for <bitcoindev@gnusha.org>; Fri, 24 Oct 2025 09:26:42 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1761323197; cv=pass;
        d=google.com; s=arc-20240605;
        b=kpHERT2vDPTFjj2tIBGet86bVLQLFc/GIQMTL4JxQrsMdtDiMop4CpZeGZ0VAUTg02
         feQoa8BlXJ6jGF99LM1nra8nVIIW3tpAr9ZWYUUii/38bLrgQL4b9MF5qy7v7gSbfM4F
         wyWVXVoQX8rxwdF4OcJm+me1zURDKRUA1XCZYsYyuTdl8S6m7b9/B8tBE6u8enou5jGT
         FecAKYr4v+ci2Yg4QcvERuGWC5fuUC2USK4WnfeyluxMljs4uba0qzsWIn7oWoOEs+d7
         V4mw9siJK1sRE9FF1CDXN7/2uUeanE76wuIS23gKKBFwmSh23WY+NNPV7AVPGDOu7E7X
         H7Jg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:mime-version:feedback-id
         :message-id:subject:from:to:date:dkim-signature;
        bh=8t9pA/D87maGpiEoxiOmt3bNKaur7dfV/RU60s/rRiE=;
        fh=mtJHoF2z/5WOwewICnoQJiKwYdbQS59xoM7bhzxFxEk=;
        b=P7po7M++ZhNk+zHQrRLMYsYG8v0/LyMkKKvTGMTwhu32TsMvM/2quPM2WqaMCF9d0y
         ZZT9cuCwV6NF49GRv/tBXvRIhcXHOnQBUJiF1OpOTid1VTCrlI+AOTPjoUUn0EwazCbS
         yfpqQ4jLL0sVXuK6/vcdU5mjZydtrUIfQ9vMHipyLPIH9BfSO7C2DN+0zcAPA0hgqJpQ
         VaUYJnCezwG1QWS9jNka9IlrtkjR7/0G/RPAF0g/5KqOBiAA+oBiPgS081k76nHIKDjo
         eqZF+kosvg+Qtih/XpKVQaJn3VMFH//DbOi4L7UwqplYBkyOM8pEkozF3wXKHCTG/aSW
         /6Cg==;
        darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=DAI4xTRG;
       spf=pass (google.com: domain of darosior@protonmail.com designates 109.224.244.18 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1761323197; x=1761927997; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:mime-version
         :feedback-id:message-id:subject:from:to:date:from:to:cc:subject:date
         :message-id:reply-to;
        bh=8t9pA/D87maGpiEoxiOmt3bNKaur7dfV/RU60s/rRiE=;
        b=hGM8oQBCgTJt0ATXVhRw435wPkqK5VtZB/Z6FmHJr1HAT16I61PrvBktWAaqD/VHuc
         b3Xo9XoGKlb/rVIEnbGw51Bbj/0fyUwdPQrhT48FiFQ3l9d+ZyfSgzkCMymm15Zbciva
         5fQCdqbNrjbYui1ECIIbkDxmywljrUgXnwYX2jzCkR6WHukxg6qjJbSoD9VtunJwMgKp
         a5MODGD4U/PNPArFRLydjxHD27UdUwyrupUwVObe7qGUgB9Q4IoJDGHue84/NrZ6T5++
         YbmM235mYckYYsTSbPZkmx/JS5s66QRL7Obnq/KnOSiaktwLjUn7AjDAvNWqYx+rJPrN
         cZDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1761323197; x=1761927997;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:mime-version
         :feedback-id:message-id:subject:from:to:date:x-beenthere
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=8t9pA/D87maGpiEoxiOmt3bNKaur7dfV/RU60s/rRiE=;
        b=ae1sr1mUEuNLVfS4LdkSOwF5U7/R1Rt2M/CMnydYwPQ68A0PiFrG6anAIg8eXWoyYy
         t1Ozf6Rqx75CM++Cq1T3wL7FzI85geMfQ+e8iqbio77ft204/ydBsr2ORpX6E0QAzZLI
         TGslqul3Phs3KEeinFx7F8cgnsIzOr00KQAclMgsjfq/wncISKPVWpRvzUSvR16VsKNx
         Px3gwa2ZsXbxQLhPdDe0Dejc6Vx2kJnoKzNfiaAVosQFxjUyS/H1GDEBdTe8UuqK/dNS
         aYbBEEsap2p4nhY/Uk6qfbOevODv/1pVmm+tB+eKauIcXsmirlx49qC5Z0qQ1oO7L7JF
         de0Q==
X-Forwarded-Encrypted: i=2; AJvYcCVE7sWadIFEtU9GCQGYhsmFbrcwf1qnGnht5HCml6h4orkAWlTck6b9WwtE+yt7JQ6Pdd6rZKvtpnzS@gnusha.org
X-Gm-Message-State: AOJu0Ywfp5JTKgrh75Y+jJE0sbL6pE0v9nmm/EsgetrbvGUiecMPB1Kg
	Abq5cZTZWfREb65m3+Z8FBTGaRLfiZ2cba9Lcotg4jDurvYyV4UQIBpY
X-Google-Smtp-Source: AGHT+IHVZN76fmLlIIIMEtvq43TZIqKIoRQjQNzCsk5ppZJ14vUjJkHbcMVVtflKKeihKfWXdiUu5w==
X-Received: by 2002:a05:6808:1894:b0:441:8f74:f3f with SMTP id 5614622812f47-443a314f8c7mr11912090b6e.57.1761323197099;
        Fri, 24 Oct 2025 09:26:37 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h="ARHlJd6+GEt9BZZljz5wP9S02VNJrnIpL+x4A6IikxCbFfFS9A=="
Received: by 2002:a4a:db88:0:b0:63d:117:32df with SMTP id 006d021491bc7-654ece85947ls9270eaf.0.-pod-prod-06-us;
 Fri, 24 Oct 2025 09:26:32 -0700 (PDT)
X-Received: by 2002:a05:6808:50a1:b0:43f:163b:89e with SMTP id 5614622812f47-443a2ea1a61mr12039639b6e.11.1761323192677;
        Fri, 24 Oct 2025 09:26:32 -0700 (PDT)
Received: by 2002:a05:6808:1802:b0:442:1282:b401 with SMTP id 5614622812f47-44d8f83ada2msb6e;
        Fri, 24 Oct 2025 08:53:21 -0700 (PDT)
X-Received: by 2002:a05:6830:2b2a:b0:7c1:bf6:991b with SMTP id 46e09a7af769-7c27c9f43fdmr11546040a34.4.1761321200803;
        Fri, 24 Oct 2025 08:53:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1761321200; cv=none;
        d=google.com; s=arc-20240605;
        b=O8heRkofewG+66JGbQEoPG6XAf5lAZxTNApPdsezXZLhz/BbTt48xEgnrvERiwWoOz
         YJphQy+l6s/8UzzNgJwTIvibNrb56RL3sN6isVHVPpvFmg+p8X8NtMcsE6uAwCjLDH+A
         ZQh2+Kj25isSi1HbIWF2F+rayNilrqX3oTzVaTZX9TekSgQeyBgkza071+x5FaWzjqQv
         aqgXLo1CkF9yjaKAt0DnBdAX0s99CE4R80QKGYKT3eWOXka5HERce+nF06EaM1GXxaKg
         viGZx2fR8WoCm542/wvc+XQWy+DvcLl4tPx0OO21oMyN2Jn7tKbKt6mRjprBMWRix2HH
         6tsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=content-transfer-encoding:mime-version:feedback-id:message-id
         :subject:from:to:date:dkim-signature;
        bh=J8vy3vJ9Opt8pwI34+LC3diuFsDCaC6SDPXMbV+AL0k=;
        fh=DMP0F9ULS1guKiqimntQRCN8ZraraesEgQuVcn7F0Z0=;
        b=Hr+w59kK/WXuI2s5BndRKbKQ4yi9ORdPFimeBc6xWxnM8LSzmq1sJTiB4XA75qTHwP
         uCtsvBL0hq5QZJtpiFLVUPjZrknEylRwHoSPD+YHR5ESwNMmxEOnuMrfTIFT+2GjqhQ7
         CFJpV2xu3TvwQenqv0bVf47yaeD3zE7Iii01V1w/jkNMHvj7MKNJr1Vnjuc6y70w/ZjW
         k7RfktPJU8jB8oYGbDmpHG85qZatuk4vYhgSYNhk3f3R7ATr8FHi5pnszlVNctBM7sJ0
         WNr7wSsYENmrHflDeIvFj49F25Gm3jHlR/cHucSysm5Z4L0WOV+usub2FXNvSdq965Je
         3Q8Q==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=DAI4xTRG;
       spf=pass (google.com: domain of darosior@protonmail.com designates 109.224.244.18 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Received: from mail-24418.protonmail.ch (mail-24418.protonmail.ch. [109.224.244.18])
        by gmr-mx.google.com with ESMTPS id 46e09a7af769-7c51b032f34si84517a34.3.2025.10.24.08.53.20
        for <bitcoindev@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 24 Oct 2025 08:53:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of darosior@protonmail.com designates 109.224.244.18 as permitted sender) client-ip=109.224.244.18;
Date: Fri, 24 Oct 2025 15:53:15 +0000
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
From: "'Antoine Poinsot' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Public disclosure of 4 Bitcoin Core security advisories
Message-ID: <I5lwexjm1EkKFZpV4_A4b6XvYXvIGjJZ3UpYhfzeC4rXmnNDVQ0Mob4X1We1hmWaisx_0ZSNn6BKH99kfig6rTChHbsCPMZBk2k0ua1E8Ng=@protonmail.com>
Feedback-ID: 7060259:user:proton
X-Pm-Message-ID: 2dfefc99fc396ce6efb6219e81b432269765ad3f
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Original-Sender: darosior@protonmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@protonmail.com header.s=protonmail3 header.b=DAI4xTRG;
       spf=pass (google.com: domain of darosior@protonmail.com designates
 109.224.244.18 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
X-Original-From: Antoine Poinsot <darosior@protonmail.com>
Reply-To: Antoine Poinsot <darosior@protonmail.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)

Hi everyone,

In accordance with our security disclosure policy, i am sharing today four advisories for
*low-severity* security vulnerabilities fixed in Bitcoin Core version 30.0.

Two weeks ago we pre-announced that we would release advisories for five low-severity
vulnerabilities. One of these has since been promoted to medium severity, and its public
disclosure has therefore been rescheduled in accordance with our policy.

The four vulnerabilities publicly disclosed today are the following:
- CVE-2025-54604: Disk filling from spoofed self connections [0]
- CVE-2025-54605: Disk filling from invalid blocks [1]
- CVE-2025-46597: Highly unlikely remote crash on 32-bit systems [2]
- CVE-2025-46598: CPU DoS from unconfirmed transaction processing [3]

The fixes for CVE-2025-54604, CVE-2025-54605 and CVE-2025-46597 are also included in Bitcoin Core
version 29.1 and later minor releases. Thanks to Eugene Siegel, Niklas Goegge and Pieter Wuille for
reporting these issues and to everyone involved in fixing them.

Our disclosure policy as well as previously disclosed vulnerabilities are available on the Bitcoin
Core website at [4].

Antoine Poinsot

[0]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54604/
[1]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54605/
[2]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597/
[3]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/
[4]: https://bitcoincore.org/en/security-advisories/

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/I5lwexjm1EkKFZpV4_A4b6XvYXvIGjJZ3UpYhfzeC4rXmnNDVQ0Mob4X1We1hmWaisx_0ZSNn6BKH99kfig6rTChHbsCPMZBk2k0ua1E8Ng%3D%40protonmail.com.