* [bitcoindev] Public disclosure of 4 Bitcoin Core security advisories
@ 2025-10-24 15:53 'Antoine Poinsot' via Bitcoin Development Mailing List
0 siblings, 0 replies; only message in thread
From: 'Antoine Poinsot' via Bitcoin Development Mailing List @ 2025-10-24 15:53 UTC (permalink / raw)
To: Bitcoin Development Mailing List
Hi everyone,
In accordance with our security disclosure policy, i am sharing today four advisories for
*low-severity* security vulnerabilities fixed in Bitcoin Core version 30.0.
Two weeks ago we pre-announced that we would release advisories for five low-severity
vulnerabilities. One of these has since been promoted to medium severity, and its public
disclosure has therefore been rescheduled in accordance with our policy.
The four vulnerabilities publicly disclosed today are the following:
- CVE-2025-54604: Disk filling from spoofed self connections [0]
- CVE-2025-54605: Disk filling from invalid blocks [1]
- CVE-2025-46597: Highly unlikely remote crash on 32-bit systems [2]
- CVE-2025-46598: CPU DoS from unconfirmed transaction processing [3]
The fixes for CVE-2025-54604, CVE-2025-54605 and CVE-2025-46597 are also included in Bitcoin Core
version 29.1 and later minor releases. Thanks to Eugene Siegel, Niklas Goegge and Pieter Wuille for
reporting these issues and to everyone involved in fixing them.
Our disclosure policy as well as previously disclosed vulnerabilities are available on the Bitcoin
Core website at [4].
Antoine Poinsot
[0]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54604/
[1]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54605/
[2]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597/
[3]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/
[4]: https://bitcoincore.org/en/security-advisories/
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/I5lwexjm1EkKFZpV4_A4b6XvYXvIGjJZ3UpYhfzeC4rXmnNDVQ0Mob4X1We1hmWaisx_0ZSNn6BKH99kfig6rTChHbsCPMZBk2k0ua1E8Ng%3D%40protonmail.com.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-10-24 16:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-24 15:53 [bitcoindev] Public disclosure of 4 Bitcoin Core security advisories 'Antoine Poinsot' via Bitcoin Development Mailing List
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox