
Cloud Vulnerability DB
A community-led vulnerabilities database
Bitcoin Core before 0.14 contained a vulnerability (CVE-2017-12842) that allowed an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. The vulnerability was discovered in August 2017 and was related to the lack of commitment to block merkle tree depth in Bitcoin's design (Bitcoin Wiki, Bitslog).
The vulnerability stems from Bitcoin's Merkle tree making no distinction between inner nodes and leaf nodes. The depth of the tree is given only implicitly by the number of transactions. Inner nodes have no specific format and are 64 bytes long. This allows an attacker to submit a transaction that is exactly 64 bytes long and then force a victim system to reinterpret this transaction as an inner node of the tree. The attacker can therefore provide an SPV proof that adds an additional leaf node extending the dual transaction/node, and so present proof of payment for any transaction they wish (Bitslog).
The vulnerability would allow an attacker to create a valid SPV proof for a fake payment to a victim using an SPV wallet, even though the payment did not actually occur. Completing the attack would cost more than a million dollars and is mainly relevant in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount (Bitcoin Wiki).
The vulnerability was fixed in Bitcoin Core version 0.14. Additionally, SPV wallets could implement simple probabilistic protections. One recommended mitigation was for SPV wallets to check that every internal 64-byte node of the SPV proof is not a valid transaction. Since no 64-byte Bitcoin transaction passes the standard checks, the presence of such a transaction should raise an alarm (Bitslog).
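The SPV-side check described above, sketched as an added Python example (not code from Bitcoin Core, Bitslog or this page): a Merkle branch verifier that refuses any 64-byte inner node that also deserializes as a transaction. The function names and sample txids are constructed for illustration, and the parser is an assumption that covers only the legacy serialization and checks structure, not standardness.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256, used for txids and Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _compact_size(buf: bytes, pos: int):
    """Read a CompactSize integer at pos; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def parses_as_tx(buf: bytes) -> bool:
    """True if buf deserializes exactly as a legacy (txid-form) transaction."""
    try:
        n_in, pos = _compact_size(buf, 4)                   # skip 4-byte version
        if n_in == 0:
            return False
        for _ in range(n_in):
            script_len, pos = _compact_size(buf, pos + 36)  # skip outpoint
            pos += script_len + 4                           # scriptSig + sequence
        n_out, pos = _compact_size(buf, pos)
        if n_out == 0:
            return False
        for _ in range(n_out):
            script_len, pos = _compact_size(buf, pos + 8)   # skip 8-byte value
            pos += script_len                               # scriptPubKey
        return pos + 4 == len(buf)          # 4-byte locktime must end the buffer
    except IndexError:                      # ran off the end: not a transaction
        return False

def verify_branch(txid: bytes, index: int, siblings: list, root: bytes) -> bool:
    """Check a Merkle branch, refusing inner nodes that are also transactions."""
    node = txid
    for sibling in siblings:
        inner = sibling + node if index & 1 else node + sibling
        if parses_as_tx(inner):
            raise ValueError("64-byte inner node also parses as a transaction")
        node = dsha256(inner)
        index >>= 1
    return node == root

# Constructed sample: four made-up txids (internal byte order), proof for leaf 2.
LEAVES = [dsha256(b"constructed-tx-%d" % i) for i in range(4)]
L01, L23 = dsha256(LEAVES[0] + LEAVES[1]), dsha256(LEAVES[2] + LEAVES[3])
ROOT = dsha256(L01 + L23)

if __name__ == "__main__":
    print(verify_branch(LEAVES[2], 2, [LEAVES[3], L01], ROOT))
```

A wallet would treat the `ValueError` as an alarm and reject the proof rather than simply report a failed verification.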
Source: This report was generated using AI