A malformed GETDATA message could trigger an infinite loop on the receiving node, using 100% of the CPU allocated to this thread and not making further progress on this connection.
This issue is considered Low severity.
Details
Before Bitcoin Core 0.20.0, an attacker (or even a buggy client) could send us a GETDATA message that would cause our net_processing thread to start spinning at 100% and stop making progress processing messages from the attacker peer. It would still make progress processing messages from other peers, so it is just a CPU DoS with low impact beyond that (not making progress for attacker peers is a non-issue). It also increases long-term memory usage by 1.5 MB per attacker peer.
John Newbery opened PR #18808 to fix this issue, describing only the lack of progress in the PR.
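The failure mode above, as a constructed C++ model added here (not Bitcoin Core's code): a per-peer GETDATA queue is drained by a pass that handles known inventory types, and the vulnerable variant makes no progress once an entry it does not recognise reaches the head of the queue, while the hardened variant drops such entries. The page does not spell out the malformation, so the unrecognised-type trigger, the type and function names, and the sample queue are all assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <deque>
#include <vector>

// Simplified per-peer GETDATA model; names are assumed, not Bitcoin Core's own code.
enum InvType : uint32_t { MSG_TX = 1, MSG_BLOCK = 2 };
struct CInv { uint32_t type; uint32_t id; };  // id stands in for the 32-byte hash
struct Peer {
    std::deque<CInv> vRecvGetData;  // queued GETDATA entries, live for the peer's lifetime
    std::vector<CInv> served;       // entries we have responded to
};
struct Outcome { bool drained; size_t served; size_t stuck; };

// One pass over the queue: a tx loop, then a block loop. An entry matching neither
// condition is consumed only when drop_unknown is set; otherwise it stays at the head
// of the queue and the pass consumes nothing. Returns the number of entries consumed.
size_t ProcessGetDataPass(Peer& peer, bool drop_unknown) {
    auto it = peer.vRecvGetData.begin();
    while (it != peer.vRecvGetData.end() && it->type == MSG_TX) peer.served.push_back(*it++);
    while (it != peer.vRecvGetData.end() && it->type == MSG_BLOCK) peer.served.push_back(*it++);
    if (drop_unknown && it != peer.vRecvGetData.end()) ++it;  // hardened: discard unknown type
    size_t consumed = static_cast<size_t>(it - peer.vRecvGetData.begin());
    peer.vRecvGetData.erase(peer.vRecvGetData.begin(), it);
    return consumed;
}

// Models the message loop that re-enters ProcessGetData while work remains. A pass that
// consumes nothing from a non-empty queue is the spin condition: the real caller would
// retry forever at 100% CPU, and the stuck entries stay allocated for this peer.
bool DrainGetData(Peer& peer, bool drop_unknown, size_t max_passes) {
    for (size_t pass = 0; pass < max_passes && !peer.vRecvGetData.empty(); ++pass) {
        if (ProcessGetDataPass(peer, drop_unknown) == 0) return false;
    }
    return peer.vRecvGetData.empty();
}

// Constructed sample queue: two tx requests, one entry of an unrecognised type, one block.
Outcome RunScenario(bool drop_unknown) {
    Peer peer;
    peer.vRecvGetData = {{MSG_TX, 1}, {MSG_TX, 2}, {99, 3}, {MSG_BLOCK, 4}};
    bool drained = DrainGetData(peer, drop_unknown, 16);
    return {drained, peer.served.size(), peer.vRecvGetData.size()};
}

int main() {  // stand-alone demo
    Outcome v = RunScenario(false), h = RunScenario(true);
    std::printf("vulnerable: drained=%d served=%zu stuck=%zu\n", v.drained, v.served, v.stuck);
    std::printf("hardened:   drained=%d served=%zu stuck=%zu\n", h.drained, h.served, h.stuck);
}
```

The vulnerable run serves the two tx entries and then stalls with two entries stuck in the queue; the hardened run drops the unknown entry, serves the block and leaves the queue empty.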
Attribution
Credits to John Newbery for finding this bug, responsibly disclosing it and fixing it.
Timeline
- 2020-04-29 John Newbery opens #18808
- 2020-05-08 John Newbery reports his finding by email
- 2020-05-12 #18808 is merged
- 2020-06-03 Bitcoin Core version 0.20.0 is released with a fix
- 2021-09-13 The last vulnerable Bitcoin Core version (0.19.x) goes EOL
- 2024-07-03 Public disclosure.