CVE-2024-52912: 
Bitcoin Core vulnerability analysis and mitigation

Bitcoin Core before 0.21.0 contains a network split vulnerability (CVE-2024-52912) that results from an integer overflow when calculating the time offset for newly connecting peers and an abs64 logic bug. The vulnerability was discovered in October 2020 and fixed in Bitcoin Core version 0.21.0, released on January 15, 2021 (Bitcoin Core).

The vulnerability stems from two distinct bugs in the version message processing code: 1) A signed-integer overflow when calculating the time offset for newly connecting peers, and 2) An abs64 logic bug (abs64(std::numeric_limits::min()) == std::numeric_limits::min()) that resulted in bypassing the maximum time adjustment limit. The issue is considered Medium severity (Bitcoin Core).

An attacker could exploit these bugs to force a victim's adjusted time (system time + network time offset) to be skewed in such a way that any new blocks would be rejected for having a timestamp too far in the future. The attack requires the attacker to be among the first 200 peers to connect to the victim, as only the time offsets from those initial connections are factored into adjusted time (Bitcoin Core).

The vulnerability was fixed in Bitcoin Core version 0.21.0, released on January 15, 2021. Users should upgrade to version 0.21.0 or later to mitigate this vulnerability. The last vulnerable Bitcoin Core version (0.20.x) reached end-of-life in April 2022 (Bitcoin Core).