Skip to content
HYPE Breakout Creator Economy SEC Regulation Bitcoin Reserve OpenAI Lawsuit

Warning: First Bitcoin memory bug, 43 percent of nodes are unpatched

Bitcoin developers disclosed CVE-2024-52911 - First ever Bitcoin memory bug
SHARE THIS ARTICLE
Share on Flipboard
Twitter
LinkedIn
Telegram
Whatsapp
Written by
Written by
Alan Rada
Reviewed by
Reviewed by
Raghav Chopra
May. 6, 2026

Bitcoin developers have just publicly disclosed a high-severity Bitcoin memory bug that allowed miners to remotely crash other nodes or potentially execute code on them. The vulnerability, designated CVE-2024-52911, affected Bitcoin Core versions 0.14.1 through 28.4 and was privately reported by Cory Fields of the MIT Digital Currency Initiative (MIT DCI) in November 2024.

How the Bitcoin memory bug worked

The Bitcoin memory bug was a use-after-free vulnerability in the script validation engine. Basically, during block validation, Bitcoin Core pre-calculates and caches transaction input data, then dispatches script validation work to background threads that use computer memory. But if subjected to an attack, the node could continue reading from “cached” memory after that data had already been freed by another process. Per findings, this abnormal memory state could allow remote code execution.

A miner that was able to exploit the bug would have had to produce a specially crafted invalid block with sufficient proof-of-work (PoW), thus burning hashpower (without the ability to earn coinbase rewards). The high cost associated with this method of attack would have most likely never been used in practice.

Discovery and patching

In November 2024, Fields privately reported the bug. Within four days, Pieter Wuille pushed a fix proposal (PR 31112) to fix the memory defect disguised as a normal maintenance to avoid raising alarms. The fix was merged by December 2024 and included in the April 2025 release (version 29.0) of Bitcoin Core. The last software version with the memory flaw (28.x) was obsolete on April 19, 2026.

Warning: First Bitcoin memory bug, 43 percent of nodes are unpatched: The high-severity use-after-free vulnerability, CVE-2024-52911, affected versions 0.14.1 through 28.4 and was secretly patched in April 2025.
Bug discovery to disclosure timeline. (Source: Bitcoin Core)
Warning: First Bitcoin memory bug, 43 percent of nodes are unpatched: The high-severity use-after-free vulnerability, CVE-2024-52911, affected versions 0.14.1 through 28.4 and was secretly patched in April 2025.
Fix proposal (PR 31112). Source: Bitcoin Github

Current risk

According to Clark Moody’s dashboard, approximately 43 percent of Bitcoin nodes are still running pre-v29 software, leaving them vulnerable to the Bitcoin memory bug. Bitcoin‘s consensus rules were not changed; the fix only affects how node software handles memory.

Bitcoin Core developer Niklas Gögge noted this is “the first ever memory safety issue” disclosed in the project’s history.

What to do now

For node operators running versions below 29.0, it is critical to upgrade immediately. The Bitcoin Core team follows a policy of publicly disclosing old, previously secret bug fixes after allowing sufficient time for upgrades. Also, following the bug disclosure, made on May 5, 2026, gave node operators over a year to patch since the fix was merged in December 2024.

Alan Rada

Alan Rada

News Writer
A Web3 Journalist at The Coin Headlines with a knack for turning complex ideas into engaging stories. With a solid Tech background, Alan has led teams to create and refine impactful projects across industries, working in firms such as IBM, Cisco Systems, and Telecom. He’s passionate about Blockchain, Finance, Science, bringing a unique blend of technical expertise and creative flair to every piece he writes. When he’s not crafting content, you’ll find him diving deep into research or just having some fun!

About The Coin Headlines

The Coin Headlines strives to bring trust into crypto media. At a time when every soundbite and headline can move the markets from red to green and vice-versa, The Coin Headlines promises to bring verified, credible and timely news and analysis from the world of crypto, blockchain, Web3, tech and markets. Founded in 2026, The Coin Headlines is based in the UAE with a team of experienced journalists and editors covering breaking news and updates from around the world.

From covering the biggest events to interviewing some of the most popular KOLs in the industry, The Coin Headlines keeps you informed of the latest trends and insights.

At The Coin Headlines our focus is clear: Real-time news updates, market movements, whale transfers, macroeconomic trends, tech and AI and geopolitical breaking news. The news we report goes through a strict editorial audit before its published to ensure the readers only get verified and credible information. We realize the world of crypto is dynamic, volatile, and many times, confusing. At The Coin Headlines we break down these complex issues into simple articles which cater to not just the experienced trader but also the student and first-time investor who wants to understand the space before committing to it.

Popular Topics
HYPE Breakout Creator Economy SEC Regulation Bitcoin Reserve OpenAI Lawsuit