CVE-2023-33297
Published 2023-05-22
CVE-2023-33297: Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the…
Priority: P273 high, 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 1.40% (69.1th percentile)
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitcoin | bitcoin_core | < 24.1 | 24.1 |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vulncheck: 7.5 HIGH
GHSA
GHSA-q9gq-6cqp-445j: Bitcoin Core before 24
ghsa_unreviewed·2023-05-22
CVE-2023-33297 [HIGH] CWE-400 GHSA-q9gq-6cqp-445j: Bitcoin Core before 24
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
VulnCheck
bitcoin bitcoin_core Uncontrolled Resource Consumption
vulncheck·2023·CVSS 7.5
CVE-2023-33297 [HIGH] bitcoin bitcoin_core Uncontrolled Resource Consumption
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
Affected: bitcoin bitcoin_core
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2023-33297; https://x.com/123456/status/1711601593399828530
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.1.md
https://github.com/bitcoin/bitcoin/issues/27586
https://github.com/bitcoin/bitcoin/issues/27623
https://github.com/bitcoin/bitcoin/pull/27610
https://github.com/dogecoin/dogecoin/issues/3243#issuecomment-1712575544
https://github.com/visualbasic6/drain
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/
https://x.com/123456/status/1711601593399828530