Hi Bitcoin Developers,
There is an open issue in bitcoin core repository which was created last week:
https://github.com/bitcoin/bitcoin/issues/27586
I think this should have been reported privately as vulnerability instead of
creating a GitHub issue even if it worked only in debug mode. Some users in the
comments have also experienced similar issues without debug build used for
bitcoind. I have not noticed any decline in the number of listening nodes on
bitnodes.io in last 24 hours so I am assuming this is not an issue with
majority of bitcoin core nodes. However, things could have been worse and there
is nothing wrong in reporting something privately if there is even 1%
possibility of it being a vulnerability. I had recently reported something to
LND security team based on a closed issue on GitHub which eventually was not
considered a vulnerability: https://github.com/lightningnetwork/lnd/issues/7449
In the CPU usage issue, maybe the users can run bitcoind with bigger mempool or
try other things shared in the issue by everyone.
This isn't the first time either when vulnerability was reported publicly:
https://gist.github.com/chjj/4ff628f3a0d42823a90edf47340f0db9 and this was even
exploited on mainnet which affected some projects.
This email is just a request to consider the impact of any vulnerability if
gets exploited could affect lot of things. Even the projects with no financial
activity involved follow better practices.
/dev/fd0
floppy disk guy
Sent with [Proton Mail](https://proton.me/) secure email.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
