Bitcoin Core Integer Overflow Vulnerability Leading to Node Crash on 32-bit Systems

A vulnerability exists in Bitcoin Core versions 0.13.0 through 29.x, where an integer overflow can occur on 32-bit systems. This overflow happens when the software processes blocks larger than 1GB, leading to a crash when the node attempts to write the block to disk. While such a block cannot be transmitted using the 'BLOCK' message, it could theoretically be sent as a compact block if the recipient node has a non-default large mempool containing over 1GB of transactions. This vulnerability is considered low severity and was addressed by capping the maximum 'mempool' size allowed on 32-bit systems.

Impact

Exploiting this vulnerability could cause a node to crash, disrupting its operation and potentially leading to a temporary loss of connectivity with the network.

Reproduction

To reproduce this vulnerability, a node must be running Bitcoin Core version 0.13.0 through 29.x on a 32-bit system. The 'maxmempool' option must be set to a value greater than 3GB, allowing the node to accept a pathological block over 1GB that could be sent as a compact block. When the node receives such a block, the integer overflow occurs, causing the node to crash.

Remediation

Users can upgrade to Bitcoin Core versions 29.1 or 30.0, both of which include the necessary fix. Instructions for downloading these versions are available on the Bitcoin Core website.