crypto

Pretty wild timeline on the latest high severity bug in Bitcoin Core. ~5.5 years from reporting the issue to public disclosure. If you check now the user agents via https://bitnodes.io/nodes, you can see that almost ~17% of the running nodes are still at risk. The major patch was shipped in 2022 via PR: https://github.com/bitcoin/bitcoin/pull/25717.

https://bitcoincore.org/en/2024/09/18/disclose-headers-oom

𝐖𝐨𝐫𝐤𝐢𝐧𝐠 𝐨𝐧 𝐰𝐡𝐚𝐭'𝐬 𝐧𝐞𝐱𝐭.

https://github.com/pcaversaccio

The screenshot square is slightly misleading; you have to add up only the numbers prior to 24.0.1 from the full list. The number 17% is correct.

Isn't it only unsynced nodes on an old version that are at risk? The nodes on an old version that are already synced wouldn't care about old headers, right?