Disclosure of DoS using huge GETDATA messages



A malformed GETDATA message could trigger an infinite loop on the receiving node, using 100% of
the CPU allocated to this thread and not making further progress on this connection.

This issue is considered Low severity.

Details

Before Bitcoin Core 0.20.0, an attacker (or even a buggy client) could send us a GETDATA message
that would cause our net_processing thread to start spinning at 100% CPU and stop making progress
on messages from the attacking peer. The thread still made progress on messages from other peers,
so this is a CPU DoS with little impact beyond the wasted core (making no progress for an attacking
peer is a non-issue). The stalled request queue also pins roughly 1.5 MB of long-term memory per
attacking peer for as long as that peer stays connected.
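To make the failure mode concrete, here is a constructed model of a per-peer GETDATA queue and the two ways its processing loop can be written. This is example code written for this page, not Bitcoin Core's net_processing: the type names, the Peer structure and the 50,000-entry cap are assumptions, and the vulnerable handler models the general pattern of a loop that only advances past entry types it recognises, so an unrecognised entry at the head of the queue is never consumed and the caller keeps re-invoking the handler without sleeping. The hardened handler consumes every entry exactly once and drops the unknown ones. The oversize check at the front goes slightly beyond the paragraph above and shows where the per-peer memory cost is bounded.

```cpp
#include <cstddef>
#include <cstdint>
#include <deque>
#include <string>
#include <vector>

// Constructed model, not Bitcoin Core code. Names and the limit are assumptions.
enum InvType : uint32_t { MSG_TX = 1, MSG_BLOCK = 2 };
static const size_t MAX_INV_SZ = 50000;  // assumed cap on entries per inv/getdata

struct Inv {
    uint32_t type;
    std::string hash;  // stand-in for the 32-byte object hash
};

struct Peer {
    std::deque<Inv> recv_getdata;  // outstanding requests from this peer, oldest first
    size_t served = 0;             // entries we actually answered
};

// Queue a received GETDATA. Oversized messages are rejected outright so one
// peer cannot park an arbitrarily large queue in our memory.
bool accept_getdata(Peer& peer, const std::vector<Inv>& inv) {
    if (inv.size() > MAX_INV_SZ) return false;
    peer.recv_getdata.insert(peer.recv_getdata.end(), inv.begin(), inv.end());
    return true;
}

// Vulnerable pattern: only entries of known types are consumed. An entry of
// an unrecognised type at the head is never popped, so every call re-examines
// the same entry and returns with the queue still non-empty.
void process_getdata_vulnerable(Peer& peer) {
    auto it = peer.recv_getdata.begin();
    while (it != peer.recv_getdata.end() && (it->type == MSG_TX || it->type == MSG_BLOCK)) {
        ++peer.served;
        ++it;
    }
    peer.recv_getdata.erase(peer.recv_getdata.begin(), it);
}

// Hardened pattern: every entry is consumed exactly once; unknown types are
// dropped instead of blocking the queue behind them.
void process_getdata_fixed(Peer& peer) {
    auto it = peer.recv_getdata.begin();
    while (it != peer.recv_getdata.end()) {
        if (it->type == MSG_TX || it->type == MSG_BLOCK) ++peer.served;
        ++it;  // advance regardless of type
    }
    peer.recv_getdata.erase(peer.recv_getdata.begin(), it);
}

// Drive the message thread for this peer: keep calling the handler while the
// peer has pending getdata work, up to max_ticks. Returns the ticks used;
// reaching max_ticks with work still pending is the spinning-at-100% condition.
size_t run_peer(Peer& peer, void (*process)(Peer&), size_t max_ticks) {
    size_t ticks = 0;
    while (!peer.recv_getdata.empty() && ticks < max_ticks) {
        process(peer);
        ++ticks;
    }
    return ticks;
}

// Constructed sample request: valid entries bracketing one unknown type.
std::vector<Inv> sample_getdata() {
    return {{MSG_TX, "tx-a"}, {0xdeadbeefu, "bogus"}, {MSG_BLOCK, "block-b"}, {MSG_TX, "tx-c"}};
}
```

Running the sample through `process_getdata_vulnerable` answers only the first entry and then exhausts the tick budget with three entries still queued; `process_getdata_fixed` drains the same queue in one tick, answering the three valid entries and discarding the bogus one. The oversize rejection in `accept_getdata` is what keeps the worst case at one capped queue per peer rather than an unbounded one.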

John Newbery opened PR #18808 to fix this issue. The PR's public description mentioned only
the lack of progress on the affected peer, not the CPU DoS.

Attribution

Credits to John Newbery for finding this bug, responsibly disclosing it and fixing it.

Timeline

2020-04-29 John Newbery opens #18808
2020-05-08 John Newbery reports his finding by email
2020-05-12 #18808 is merged
2020-06-03 Bitcoin Core version 0.20.0 is released with a fix
2021-09-13 The last vulnerable Bitcoin Core version (0.19.x) goes EOL
2024-07-03 Public disclosure.
