CVE-2023-50428
- Source
- https://cve.org/CVERecord?id=CVE-2023-50428
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50428.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-50428
- Published
- 2023-12-09T19:15:07.977Z
- Modified
- 2026-03-01T08:11:30.933205Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OPFALSE OPIF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."
- References
-
- https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53
- https://github.com/bitcoin/bitcoin/tags
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
- https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.md
- https://twitter.com/LukeDashjr/status/1732204937466032285
- https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799
- https://twitter.com/LukeDashjr/status/1732204937466032285