CVE-2023-50428
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-50428 is a vulnerability affecting Bitcoin Core up to version 26.0 and Bitcoin Knots before 25.1.knots20231115. Maliciously obfuscated data, disguised as code using OP_FALSE and OP_IF, can bypass the datacarrier size limits. The technique encodes data as code and relies on the absence of stringent validation checks for data formats: the intended datacarrier size limit is bypassed, so an attacker can transmit larger data packets than permitted, potentially leading to denial-of-service attacks or other malicious activities. The issue was exploited in the wild by Inscriptions, a known attacker, in 2022 and 2023, highlighting its potential threat to the Bitcoin ecosystem. Some view it as a non-issue and argue that the behavior is intended, but because it can be used maliciously it remains a significant security concern for the Bitcoin Core and Bitcoin Knots networks, and affected versions should be upgraded to mitigate the risk.
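As an added example (not code from this page, Bitcoin Core or Bitcoin Knots), the following detector tokenizes a serialized script, sums the bytes pushed inside an OP_FALSE OP_IF ... OP_ENDIF envelope and flags scripts whose never-executed payload exceeds Bitcoin Core's default 83-byte datacarrier size. The sample scripts are constructed, and the 520-byte chunking and the helper names are assumptions.

```python
# Detector for data hidden inside an OP_FALSE OP_IF ... OP_ENDIF "envelope",
# the pattern the CVE-2023-50428 summary describes. Added example, not code
# from Bitcoin Core or Bitcoin Knots; 83 is Bitcoin Core's -datacarriersize
# default, and the sample scripts built with envelope() are constructed.
OP_FALSE, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x00, 0x4C, 0x4D, 0x4E
OP_IF, OP_ENDIF = 0x63, 0x68
DEFAULT_DATACARRIER_SIZE = 83  # Bitcoin Core default for OP_RETURN outputs

def parse_script(script: bytes):
    """Tokenize a serialized script into (opcode, pushed_bytes_or_None)."""
    ops, i = [], 0
    while i < len(script):
        op = script[i]; i += 1
        if 0x01 <= op <= 0x4B:                      # direct push of op bytes
            n, width = op, 0
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            n = int.from_bytes(script[i:i + width], "little")
        else:                                       # non-push opcode
            ops.append((op, None)); continue
        i += width
        if i + n > len(script):
            raise ValueError("truncated push at offset %d" % i)
        ops.append((op, script[i:i + n])); i += n
    return ops

def envelope_payload_bytes(script: bytes) -> int:
    """Sum the bytes pushed inside every OP_FALSE OP_IF ... OP_ENDIF envelope.
    The branch is never taken, so these pushes are pure payload that the
    datacarrier limit (which only covers OP_RETURN outputs) never counts."""
    ops, total, inside = parse_script(script), 0, False
    for idx, (op, data) in enumerate(ops):
        if op == OP_IF and idx > 0 and ops[idx - 1][0] == OP_FALSE:
            inside = True
        elif op == OP_ENDIF:
            inside = False
        elif inside and data is not None:
            total += len(data)
    return total

def exceeds_datacarrier_limit(script: bytes, limit: int = DEFAULT_DATACARRIER_SIZE) -> bool:
    return envelope_payload_bytes(script) > limit

def push(data: bytes) -> bytes:
    """Minimal push encoding, used only to construct sample scripts."""
    n = len(data)
    if n <= 0x4B: return bytes([n]) + data
    if n <= 0xFF: return bytes([OP_PUSHDATA1, n]) + data
    return bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little") + data

def envelope(payload: bytes, chunk: int = 520) -> bytes:
    """Constructed sample: payload split into pushes inside OP_FALSE OP_IF."""
    body = b"".join(push(payload[i:i + chunk]) for i in range(0, len(payload), chunk))
    return bytes([OP_FALSE, OP_IF]) + body + bytes([OP_ENDIF])
```

Run over the scripts of a transaction's inputs (witness scripts) or outputs, the check separates a plain OP_RETURN carrier, which the limit already governs, from an envelope carrying kilobytes of data.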
Affected Products
- Bitcoin Core
Affected Vendors
- Bitcoin
- Bitcoin Knots