
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
A high-severity vulnerability tracked as CVE-2024-35202 was discovered in Bitcoin Core versions prior to 25.0. The vulnerability allows remote attackers to cause a denial of service by triggering an assertion in the blocktxn message handling logic, resulting in node crashes (Bitcoin Core Disclosure, Security Online). The vulnerability was assigned a CVSS v3.0 base score of 7.5.
The vulnerability occurs in Bitcoin Core's compact block protocol, which uses shortened transaction identifiers to reduce bandwidth usage. When receiving a block announcement via a cmpctblock message, Bitcoin Core attempts to reconstruct the block using transactions from its mempool. If reconstruction fails due to missing transactions, it requests them via a getblocktxn message. The flaw arises when a second blocktxn message is received for the same block, triggering the FillBlock function twice and violating the assumption that this function should only be called once (Bitcoin Core Disclosure).
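The call-once assumption described above, as an added C++ model that is not Bitcoin Core's source or its actual patch: reconstruction state is consumed exactly once, dropped after the first fill attempt, and a later blocktxn for the same block is ignored instead of reaching an assertion. All class and function names and the 64-bit block key are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

// Simplified model, not Bitcoin Core source. Names are hypothetical.
enum class FillResult { Ok, Failed, AlreadyConsumed };
enum class Action { BlockAccepted, FallbackToFullBlock, IgnoredUnsolicited };

// Reconstruction state for one compact block that still lacks `missing` transactions.
class PartialBlock {
    bool consumed_ = false;
    std::size_t missing_;
public:
    explicit PartialBlock(std::size_t missing) : missing_(missing) {}
    // One-shot fill: a repeated call is reported to the caller rather than
    // asserted on, so remote input cannot abort the process.
    FillResult Fill(const std::vector<std::uint64_t>& txs) {
        if (consumed_) return FillResult::AlreadyConsumed;
        consumed_ = true;
        return txs.size() == missing_ ? FillResult::Ok : FillResult::Failed;
    }
};

class BlockTxnHandler {
    // Keyed by a 64-bit stand-in for the block hash (constructed for the example).
    std::map<std::uint64_t, PartialBlock> in_flight_;
public:
    // Record that getblocktxn was sent for `block`.
    void OnGetBlockTxnSent(std::uint64_t block, std::size_t missing) {
        in_flight_.emplace(block, PartialBlock(missing));
    }
    Action OnBlockTxn(std::uint64_t block, const std::vector<std::uint64_t>& txs) {
        auto it = in_flight_.find(block);
        if (it == in_flight_.end()) return Action::IgnoredUnsolicited; // no outstanding request
        FillResult r = it->second.Fill(txs);
        in_flight_.erase(it); // drop state on success and on failure alike
        return r == FillResult::Ok ? Action::BlockAccepted : Action::FallbackToFullBlock;
    }
    std::size_t Pending() const { return in_flight_.size(); }
};

// Constructed scenario: reconstruction fails, then blocktxn arrives again for the same block.
std::vector<Action> ReplayDuplicateBlockTxn() {
    BlockTxnHandler h;
    h.OnGetBlockTxnSent(0xB10C, 2);
    Action first = h.OnBlockTxn(0xB10C, {0xA1});        // one tx short
    Action second = h.OnBlockTxn(0xB10C, {0xA1, 0xA2}); // repeat for same block
    return {first, second};
}
```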
Successful exploitation of this vulnerability lets attackers remotely crash Bitcoin Core nodes, potentially causing significant disruptions to the network's stability and functionality. While the crash doesn't enable attackers to compromise funds or steal data, it can cause temporary gaps in transaction processing because affected nodes need to restart (Security Online).
The vulnerability has been fixed in Bitcoin Core version 25.0. Users running affected versions are strongly advised to upgrade to this version to protect against potential attacks (ASEC).
Source: This report was generated using AI