CVE-2024-55563

Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://ariard.github.io	Third Party Advisory
https://bitcoincore.org	Product
https://delvingbitcoin.org/t/full-disclosure-transaction-relay-throughput-overflow-attacks-against-off-chain-protocols/1305	Issue Tracking
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures	Third Party Advisory
https://gnusha.org/pi/bitcoindev/CALZpt+EptER=p+P7VN3QAb9n=dODA9_LnR9xZwWpRsdAwedv=w@mail.gmail.com/T/#u	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-09 01:15

Updated : 2025-05-22 16:56

NVD link : CVE-2024-55563

Mitre link : CVE-2024-55563

CVE.ORG link : CVE-2024-55563

JSON object : View

Products Affected

bitcoin

bitcoin_core

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-55563", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-12-09T01:15:06.313", "references": [{"url": "https://ariard.github.io", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bitcoincore.org", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://delvingbitcoin.org/t/full-disclosure-transaction-relay-throughput-overflow-attacks-against-off-chain-protocols/1305", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://gnusha.org/pi/bitcoindev/CALZpt+EptER=p+P7VN3QAb9n=dODA9_LnR9xZwWpRsdAwedv=w@mail.gmail.com/T/#u", "tags": ["Mailing List"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions."}, {"lang": "es", "value": "Bitcoin Core hasta la versi\u00f3n 27.2 permite el bloqueo de la retransmisi\u00f3n de transacciones mediante un ataque de protocolo fuera de la cadena, un problema relacionado con CVE-2024-52913. Por ejemplo, el resultado de un HTLC (contrato de bloqueo de tiempo hash) puede modificarse porque una inundaci\u00f3n de tr\u00e1fico de transacciones impide la propagaci\u00f3n de ciertas transacciones del canal Lightning."}], "lastModified": "2025-05-22T16:56:06.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB07D952-A7AA-49EE-AE7F-3153A80E0602", "versionEndIncluding": "27.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}