Bitcoin Core miner-triggered remote code execution vulnerability: 43% of nodes not upgraded


According to a Protos report on May 5, Bitcoin Core developers publicly disclosed a high-severity vulnerability, CVE-2024-52911, on the project's official website. The vulnerability allows miners to mine specially crafted blocks that remotely crash other users’ nodes and, under certain conditions, execute code. Because Bitcoin full-node upgrades are voluntary, an estimated 43% of nodes are still running the vulnerable older software.

Vulnerability technical details

According to the Bitcoin Core official announcement and Protos’ report on May 5, CVE-2024-52911 is a “use-after-free” memory safety vulnerability found in Bitcoin Core’s parallel script verification mechanism. During block validation, Bitcoin Core precomputes and caches transaction input data, then dispatches script verification work to a backend thread. If the backend script verification thread reads cached data that has been destroyed by CScriptCheck, remote code execution may occur.

Bitcoin Core developer Niklas Gögge said this is the first “memory safety” vulnerability in Bitcoin Core’s history. Bitcoin Core’s official announcement confirmed that Bitcoin’s consensus rules have not changed as a result of the vulnerability being fixed.

According to Protos, carrying out this attack requires miners to devote a large amount of computing power to mining invalid blocks that earn no block reward, which makes the attack extremely costly. For that reason, Bitcoin Core's official announcement considers it likely that the vulnerability was never actually exploited.

Responsible disclosure timeline

According to the Bitcoin Core official announcement and Protos’ report on May 5, the disclosure timeline for CVE-2024-52911 is as follows:

November 2024: Developer Cory Fields discovered the vulnerability and reported it privately

November 2024 (four days after discovery): Pieter Wuille submitted a patch proposal PR #31112

December 2024: PR #31112 merged into production

April 2025: Bitcoin Core v29.0 was released, including the patch

April 19, 2026: Maintenance ended for the last affected version series (28.x)

May 5, 2026: Bitcoin Core publicly disclosed the vulnerability on its official website

Current patch status

According to Protos’ report on May 5, because Bitcoin full-node upgrades are voluntary and updates are not applied automatically, an estimated 43% of Bitcoin nodes are still running vulnerable versions prior to v29.0. Bitcoin Core recommends that node operators upgrade to v29.0 or a newer version.

Frequently asked questions

What is the impact of CVE-2024-52911 on Bitcoin nodes?

According to the Bitcoin Core official announcement, CVE-2024-52911 allows miners to mine specially crafted blocks that remotely crash nodes running Bitcoin Core versions 0.14.1 to 28.4 and, under certain conditions, execute code remotely. Bitcoin’s consensus rules have not changed as a result of the vulnerability being fixed.

How should node operators respond to CVE-2024-52911?

The versions affected by CVE-2024-52911 are Bitcoin Core 0.14.1 to 28.4. Node operators should upgrade to v29.0 or a newer version. The last affected 28.x version series stopped being maintained on April 19, 2026.
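
As an added example (not from Bitcoin Core or Protos), the following Python sketch classifies self-reported user agents against the affected range given above, which is how an operator could check their own node or estimate the unpatched share among its peers. The sample peer list is constructed; the "subver" field name matches `bitcoin-cli getpeerinfo` output, and treating any `/Satoshi:x.y.z/` string as a Bitcoin Core version is an assumption.

```python
import json
import re
from collections import Counter

# Range taken from this page: affected 0.14.1 through 28.x, fixed in v29.0.
FIRST_AFFECTED = (0, 14, 1)
FIRST_FIXED = (29, 0, 0)

# User agent as reported in the "subver" field, e.g. "/Satoshi:28.1.0/".
_SATOSHI = re.compile(r"/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(subver):
    """Return (a, b, c) from a Satoshi user agent, or None if not parseable."""
    m = _SATOSHI.search(subver or "")
    if m is None:
        return None
    # Old "0.21.1" and new "28.1.0" numbering both order correctly as tuples.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(subver):
    v = parse_version(subver)
    if v is None:
        return "unknown"      # other implementation or malformed string
    if v >= FIRST_FIXED:
        return "fixed"
    if v >= FIRST_AFFECTED:
        return "affected"
    return "pre-0.14.1"       # older than the affected range stated on the page


def summarize(peers):
    """Count peers per class and return (counts, affected share of known peers)."""
    counts = Counter(classify(p.get("subver")) for p in peers)
    known = sum(counts.values()) - counts["unknown"]
    share = counts["affected"] / known if known else 0.0
    return counts, share


# Constructed sample in the shape of `bitcoin-cli getpeerinfo` output.
SAMPLE = json.loads("""[
  {"addr": "192.0.2.10:8333", "subver": "/Satoshi:29.0.0/"},
  {"addr": "192.0.2.11:8333", "subver": "/Satoshi:28.1.0/"},
  {"addr": "192.0.2.12:8333", "subver": "/Satoshi:0.21.1/"},
  {"addr": "192.0.2.13:8333", "subver": "/Satoshi:0.13.2/"},
  {"addr": "192.0.2.14:8333", "subver": "/btcd:0.24.2/"}
]""")

if __name__ == "__main__":
    counts, share = summarize(SAMPLE)
    print(dict(counts), f"affected share: {share:.0%}")
```

The user agent is self-reported and can be changed by the peer, so the result is an estimate for remote nodes; for your own node, confirm the installed release directly.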

Has CVE-2024-52911 ever been actually exploited?

According to the Bitcoin Core official announcement and Protos’ report on May 5, this attack requires miners to devote a large amount of computing power to mining invalid blocks that earn no block reward, which makes the attack extremely costly. Bitcoin Core believes the vulnerability was likely never actually exploited.
