CVE-2024-52913: 
Bitcoin Core vulnerability analysis and mitigation

In Bitcoin Core before 0.21.0, a vulnerability was discovered where an attacker could prevent a node from seeing a specific unconfirmed transaction due to mishandling of transaction re-requests. The vulnerability was assigned CVE-2024-52913 and was disclosed on July 03, 2024 (Bitcoin Core).

The vulnerability stems from the 'g_already_asked_for' mechanism used to schedule GETDATA requests for transactions. The SendMessages() function would send GETDATAs for transactions recently announced by peers and store the request timing in g_already_asked_for. However, this g_already_asked_for was implemented as a 'limitedmap' data structure with a bounded size of 50,000 entries, where the oldest entries would be forgotten if this limit was reached (Bitcoin Core). The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD).

The vulnerability could allow an attacker to prevent a target node from seeing specific unconfirmed transactions, effectively enabling transaction censorship at the network level. This could potentially disrupt normal transaction propagation and affect the network's ability to process certain transactions (Bitcoin Core).

The vulnerability was fixed in Bitcoin Core version 0.21.0 through PR #19988, which implemented a comprehensive approach to fixing this and other related bugs. The fix was merged on October 14, 2020, and Bitcoin Core version 0.21.0 was released with the fix on January 14, 2021. The last vulnerable Bitcoin Core version (0.20.x) reached end-of-life on April 25, 2022 (Bitcoin Core).