CVE-2019-25220
Bitcoin Core vulnerability analysis and mitigation

Overview

Bitcoin Core before 24.0.1 was discovered to be vulnerable to a denial of service (daemon crash) attack known as the 'Chain Width Expansion' attack. The vulnerability allows remote attackers to cause a node crash by flooding it with low-difficulty header chains, exploiting the fact that nodes did not verify that a presented chain has enough work before committing to store it (Bitcoin Core, NVD).

Technical details

The vulnerability stems from Bitcoin Core's implementation of blockchain header storage in memory. Nodes would store header chains without first verifying their proof-of-work difficulty, which left them susceptible to being overwhelmed with extremely long chains of low-difficulty headers. Once crafted, an attack chain could be reused to crash any node on the network. The attack's cost has decreased significantly over time, from 32.28% of the cost of mining one block in 2019 to just 4.44% by 2024, making it increasingly economically viable for attackers (Bitcoin Core).

Impact

The vulnerability allows attackers to cause a denial of service by crashing Bitcoin Core daemon processes through memory exhaustion. This could potentially disrupt network operations by taking nodes offline. The attack is particularly concerning because once an attack chain is created, it can be reused against multiple nodes, making it an efficient vector for network disruption (Bitcoin Core).

Mitigation and workarounds

The vulnerability was fixed in Bitcoin Core version 24.0.1, which implemented a protection mechanism that verifies a presented chain has enough work before committing to store it. This fix eliminates the need for checkpoint-based protection that was previously used to mitigate similar attacks. Users are advised to upgrade to Bitcoin Core version 24.0.1 or later to protect against this vulnerability (Bitcoin Core).
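The check described above, as an added simplified model in Python (not Bitcoin Core's code): the presented chain's work is summed from each header's compact `nBits` field, and nothing is stored unless the total reaches a minimum. Headers are reduced to their `nBits` value, per-header hash and difficulty-adjustment validation is assumed to happen elsewhere, and `accept_chain`, `MIN_CHAIN_WORK` and the sample chains are hypothetical.

```python
# Added illustration, not Bitcoin Core code. Headers are modelled as nBits integers.
from typing import Callable, Iterable, List

def compact_to_target(bits: int) -> int:
    """Decode a header's compact nBits field into its integer target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    shift = 8 * (exponent - 3)
    target = mantissa << shift if shift >= 0 else mantissa >> -shift
    if bits & 0x00800000 or target == 0 or target >> 256:
        raise ValueError(f"invalid compact target {bits:#010x}")
    return target

def header_work(bits: int) -> int:
    """Expected number of hashes needed to meet the target: 2**256 // (target + 1)."""
    return (1 << 256) // (compact_to_target(bits) + 1)

def has_enough_work(headers: Iterable[int], min_chain_work: int) -> bool:
    """Stream over the presented chain keeping only a running total (O(1) memory)."""
    total = 0
    for bits in headers:
        total += header_work(bits)
        if total >= min_chain_work:
            return True
    return False

def accept_chain(present: Callable[[], Iterable[int]], min_chain_work: int) -> List[int]:
    """Store headers only after the work check passes; otherwise store nothing.
    `present` re-yields the peer's chain (hypothetical stand-in for requesting it again)."""
    if not has_enough_work(present(), min_chain_work):
        return []
    return list(present())

# Constructed sample data (assumed values, for illustration only).
DIFF1_BITS = 0x1D00FFFF      # difficulty-1 target
EASY_BITS = 0x207FFFFF       # very low-difficulty target, about 2 hashes per header
MIN_CHAIN_WORK = 10 * header_work(DIFF1_BITS)   # hypothetical threshold

def flood():
    return (EASY_BITS for _ in range(100_000))  # long, cheap header chain

def honest():
    return [DIFF1_BITS] * 10

if __name__ == "__main__":
    print("flood stored :", len(accept_chain(flood, MIN_CHAIN_WORK)))
    print("honest stored:", len(accept_chain(honest, MIN_CHAIN_WORK)))
```

The low-difficulty chain is rejected with no headers kept in memory, however long it is, while the short chain that meets the threshold is stored in full.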

Community reactions

The vulnerability was initially discovered and reported to the Bitcoin Core project in January 2019 by David Jaenson, who suggested introducing newer checkpoints as a mitigation. It gained more attention when Braydon Fuller posted his 'Chain width expansion' analysis to the bitcoin-dev mailing list in October 2019. The suggested approach was initially not adopted due to concerns about network convergence (Bitcoin Core).

This report was generated using AI
