Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
This issue is considered Low severity.
Details
Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. On
32-bit systems this check would overflow for a block over 1GB, making the node crash when writing it
to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a
compact block if the victim node has a non-default large mempool which already contains 1GB of
transactions. This would require the victim to have set their -maxmempool option to a value
greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on
32-bit systems.
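The page does not show the check itself, so the following is an added illustration, not Bitcoin Core's code, of how a size range check can wrap in 32-bit arithmetic just past 1 GiB and two ways to write it so it cannot. The multiplier, the limit, the `size32_t` stand-in type and all function names are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; not taken from Bitcoin Core. */
#define SCALE_FACTOR 4u        /* hypothetical multiplier applied to the size */
#define MAX_SCALED   4000000u  /* hypothetical upper bound on the scaled size */

/* uint32_t stands in for size_t on a 32-bit build, so the wrap also
 * reproduces when this file is compiled on a 64-bit host. */
typedef uint32_t size32_t;

/* Wrapping form: the product is reduced modulo 2^32 before the comparison,
 * so any size >= 2^30 (1 GiB) can come out small again and pass. */
static bool size_ok_wrapping(size32_t size)
{
    size32_t scaled = (size32_t)(size * SCALE_FACTOR);
    return scaled <= MAX_SCALED;
}

/* Safe form 1: divide the limit instead of multiplying the input. */
static bool size_ok_division(size32_t size)
{
    return size <= MAX_SCALED / SCALE_FACTOR;
}

/* Safe form 2: do the multiplication in a type wide enough to hold it. */
static bool size_ok_widened(size32_t size)
{
    return (uint64_t)size * SCALE_FACTOR <= MAX_SCALED;
}

int main(void)
{
    /* Constructed sample sizes around the limit and around 2^30. */
    const size32_t samples[] = { 1000000u, 1000001u, (1u << 30) - 1u,
                                 1u << 30, (1u << 30) + 500000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size32_t s = samples[i];
        printf("size=%10lu wrapping=%d division=%d widened=%d\n",
               (unsigned long)s, size_ok_wrapping(s),
               size_ok_division(s), size_ok_widened(s));
    }
    return 0;
}
```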
Attribution
Pieter Wuille discovered this bug and disclosed it responsibly.
Antoine Poinsot proposed and implemented a covert mitigation.
Timeline
- 2025-04-24 - Pieter Wuille reports the issue
- 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
- 2025-06-26 - PR #32530 is merged into master
- 2025-09-04 - Version 29.1 is released with the fix
- 2025-10-10 - Version 30.0 is released with the fix
- 2025-10-24 - Public Disclosure
