Volerion logoVolerion
Volerion logoVolerion

Bitcoin Core Use-After-Free Vulnerability in Script Interpreter Leading to Remote Crash

Vulnerability

A use-after-free vulnerability has been identified in the script interpreter of Bitcoin Core versions 0.14.0 prior to 29.0. This vulnerability allows a remote crash of the Bitcoin Core node by validating specially-crafted blocks. The issue arises because the script validation process can access memory that has already been freed, potentially leading to a crash. In theory, such use-after-free vulnerabilities could be exploited for remote code execution, but the specific conditions of this vulnerability make that unlikely.

Impact

Exploitation of this vulnerability causes a remote crash of the Bitcoin Core node.

Reproduction

To reproduce this vulnerability, mine a block with sufficient proof-of-work that includes a transaction designed to exploit the use-after-free condition in the script interpreter. When the block is validated, the node will crash due to the background thread accessing freed memory.

Remediation

Users can upgrade to Bitcoin Core version 29.0 or later, or Bitcoin Knots version 0.18.1.

Added: May 5, 2026, 8:50 PM
Updated: May 5, 2026, 8:50 PM

Vulnerability Rating

Custom Algorithm
spread
3.4
impact
7.5
exploitability
9.1
remediation
7.7
relevance
7.5
threat
6.4
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.