CVE-2024-52916: 
Bitcoin Core vulnerability analysis and mitigation

CVE-2024-52916 affects Bitcoin Core versions before 0.15.0. The vulnerability was discovered in August 2017 and allows attackers to cause a denial of service (OOM kill of a daemon process) through a flood of minimum difficulty headers. The issue was fixed in Bitcoin Core version 0.15.0, released on September 14, 2017 (Bitcoin Core).

Before the introduction of headers pre-synchronisation, nodes relied exclusively on checkpoints to avoid getting spammed by low-difficulty headers. In Bitcoin Core 0.12.0, a check for headers forking before the last checkpoint's height was moved to after storing the header in mapBlockIndex. This allowed attackers to grow the map unboundedly by spamming headers whose parent is the genesis block (which only need difficulty 1 to create), as such blocks bypassed the checkpoint logic. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD).

The vulnerability allows attackers to cause a denial of service condition by triggering an Out of Memory (OOM) kill of the Bitcoin Core daemon process. This could disrupt the operation of Bitcoin nodes running vulnerable versions of the software (Bitcoin Core).

The vulnerability was fixed in Bitcoin Core version 0.15.0, released on September 14, 2017. Users running affected versions should upgrade to Bitcoin Core 0.15.0 or later. The fix was implemented through PR #11028 which corrected the header validation logic (Bitcoin Core).