Security advisories post 30.0 release

_posts/en/posts/2025-10-24-disclose-cve-2025-46597.md

@@ -0,0 +1,55 @@
+---
+title: CVE-2025-46597 - Highly unlikely remote crash on 32-bit systems
+name: blog-disclose-cve-2025-46597
+id: blog-disclose-cve-2025-46597
+lang: en
+type: advisory
+layout: post
+redirect_from:
+  - /en/2025/10/24/disclose-cve-2025-46597
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  An attacker could produce a block that crashes nodes running on 32-bit systems in a rare edge case. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
+---
+
+Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node
+to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was
+released on October 10th 2025 in Bitcoin Core v30.0.
+
+This issue is considered **Low** severity.
+
+## Details
+
+Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This
+check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it
+to disk. Such a block cannot be sent using the `BLOCK` message, but could in theory be sent as a
+compact block if the victim node has a non-default large mempool which already contains 1GB of
+transactions. This would require the victim to have set their `-maxmempool` option to a value
+greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
+
+This issue was indirectly prevented by capping the maximum value of the `-maxmempool` setting on
+32-bit systems.
+
+## Attribution
+
+Pieter Wuille discovered this bug and disclosed it responsibly.
+
+Antoine Poinsot proposed and implemented a covert mitigation.
+
+## Timeline
+
+- 2025-04-24 - Pieter Wuille reports the issue
+- 2025-05-16 - Antoine Poinsot opens PR [#32530](https://github.com/bitcoin/bitcoin/pull/32530) with
+  a covert fix
+- 2025-06-26 - PR #32530 is merged into master
+- 2025-09-04 - Version 29.1 is released with the fix
+- 2025-10-10 - Version 30.0 is released with the fix
+- 2025-10-24 - Public Disclosure
+
+{% include references.md %}

_posts/en/posts/2025-10-24-disclose-cve-2025-46598.md

@@ -0,0 +1,57 @@
+---
+title: CVE-2025-46598 - CPU DoS from unconfirmed transaction processing
+name: blog-disclose-cve-2025-46598
+id: blog-disclose-cve-2025-46598
+lang: en
+type: advisory
+layout: post
+redirect_from:
+  - /en/2025/10/24/disclose-cve-2025-46598
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  Specially crafted invalid unconfirmed transactions could cause unnecessary resource usage. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
+---
+
+Disclosure of the details of a resource exhaustion issue when processing an unconfirmed transaction.
+A fix was released on October 10th 2025 in Bitcoin Core v30.0.
+
+This issue is considered **Low** severity.
+
+## Details
+
+An attacker could send specially-crafted unconfirmed transactions that would take a victim node a
+few seconds each to validate. The non-standard transactions would be rejected but not lead to a
+disconnection and the process could be repeated. This could be exploited to delay block propagation.
+
+The issue was mitigated in multiple steps by reducing the validation time in different Script
+contexts.
+
+## Attribution
+
+Antoine Poinsot reported this issue to the Bitcoin Core security mailing list.
+
+Pieter Wuille, Anthony Towns and Antoine Poinsot implemented mitigations to reduce the worst case
+validation time of unconfirmed transactions.
+
+## Timeline
+
+- 2025-04-25 - Antoine Poinsot reports the issue
+- 2025-05-12 - Pieter Wuille opens PR [#32473](https://github.com/bitcoin/bitcoin/pull/32473) to
+  mitigate the worst case quadratic signature hashing in legacy Script context
+- 2025-07-24 - Anthony Towns opens PR [#33050](https://github.com/bitcoin/bitcoin/pull/33050) to
+  mitigate the worst case hashing in Tapscript context
+- 2025-07-30 - Antoine Poinsot opens PR [#33105](https://github.com/bitcoin/bitcoin/pull/33105) to
+  further mitigate the worst case in legacy Script context
+- 2025-08-08 - PR #33105 is merged into master
+- 2025-08-11 - PR #32473 is merged into master
+- 2025-08-12 - PR #33050 is merged into master
+- 2025-10-10 - Version 30.0 is released with the mitigations
+- 2025-10-24 - Public Disclosure
+
+{% include references.md %}

_posts/en/posts/2025-10-24-disclose-cve-2025-54604.md

@@ -0,0 +1,58 @@
+---
+title: CVE-2025-54604 - Disk filling from spoofed self connections
+name: blog-disclose-cve-2025-54604
+id: blog-disclose-cve-2025-54604
+lang: en
+type: advisory
+layout: post
+redirect_from:
+  - /en/2025/10/24/disclose-cve-2025-54604
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  An attacker could cause a victim node to fill up its disk space by repeatedly faking self-connections over a long time. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
+---
+
+Disclosure of the details of a log-filling bug which allowed an attacker to fill up the disk space
+of a victim node by faking self-connections. Exploitability of this bug is limited, and it would
+take a long time before it would cause the victim to run out of disk space.  A fix was released on
+October 10th 2025 in Bitcoin Core v30.0.
+
+This issue is considered **Low** severity.
+
+## Details
+
+Bitcoin Core would unconditionally log in case of self-connection. This could be exploited by an
+attacker by waiting for a victim to connect to it and reusing the version message nonce to establish
+many connections to the victim, causing it to detect those attempts as self-connections. However,
+exploitability is limited because the initial connection from the victim will timeout after 60
+seconds by default.
+
+This issue was fixed by implementing log rate-limiting across the board, also preventing future
+issues of the same type from happening.
+
+## Attribution
+
+Niklas Goegge discovered this bug and disclosed it responsibly.
+
+Eugene Siegel and Niklas Goegge worked on a fix mitigating all types of log-filling attacks.
+
+Credits also to contributor "practicalswift" who previously raised concerns
+about disk-filling vectors in Bitcoin Core and worked to address them.
+
+## Timeline
+
+- 2022-03-16 - Niklas Goegge reports this issue to the Bitcoin Core security mailing list
+- 2025-05-23 - Eugene Siegel opens PR [#32604](https://github.com/bitcoin/bitcoin/pull/32604) to
+  introduce log rate-limiting, based on earlier work from Niklas Goegge
+- 2025-07-09 - PR #32604 is merged into master
+- 2025-09-04 - Version 29.1 is released with the fix
+- 2025-10-10 - Version 30.0 is released with the fix
+- 2025-10-24 - Public Disclosure
+
+{% include references.md %}

_posts/en/posts/2025-10-24-disclose-cve-2025-54605.md

@@ -0,0 +1,60 @@
+---
+title: CVE-2025-54605 - Disk filling from invalid blocks
+name: blog-disclose-cve-2025-54605
+id: blog-disclose-cve-2025-54605
+lang: en
+type: advisory
+layout: post
+redirect_from:
+  - /en/2025/10/24/disclose-cve-2025-54605
+
+## If this is a new post, reset this counter to 1.
+version: 1
+
+## Only true if release announcement or security annoucement. English posts only
+announcement: 1
+
+excerpt: >
+  An attacker could cause a victim node to fill up its disk space by repeatedly sending invalid blocks. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
+---
+
+Disclosure of the details of a log-filling bug which allowed an attacker to cause a victim node to
+fill up its disk space by repeatedly sending invalid blocks. Exploitability of this bug is limited,
+as it would take a long time before it would cause the victim to run out of disk space. A fix was
+released on October 10th 2025 in Bitcoin Core v30.0.
+
+This issue is considered **Low** severity.
+
+## Details
+
+A node would unconditionally log when receiving a block that fails basic sanity checks, or when
+receiving a block that branches off prior to the last checkpoint. By repeatedly sending such an
+invalid block to a victim node, an attacker could cause the victim to run out of disk space.
+
+This issue was fixed by implementing log rate-limiting across the board, also preventing future
+issues of the same type from happening.
+
+## Attribution
+
+Niklas Goegge discovered this bug and disclosed it responsibly. Eugene Siegel independently
+re-discovered this bug and disclosed it responsibly.
+
+Eugene Siegel and Niklas Goegge worked on a fix mitigating all types of log-filling attacks.
+
+Credits also to contributor "practicalswift" who previously raised concerns
+about disk-filling vectors in Bitcoin Core and worked to address them.
+
+## Timeline
+
+- 2022-05-16 - Niklas Goegge reports this issue to the Bitcoin Core security mailing list
+- 2025-03-13 - Eugene Siegel reports this issue to the Bitcoin Core security mailing list
+- 2025-04-24 - Eugene Siegel reports to the security mailing list about his research on the worst
+  case disk filling rate.
+- 2025-05-23 - Eugene Siegel opens PR [#32604](https://github.com/bitcoin/bitcoin/pull/32604) to
+  introduce log rate-limiting, based on earlier work from Niklas Goegge
+- 2025-07-09 - PR #32604 is merged into master
+- 2025-09-04 - Version 29.1 is released with the fix
+- 2025-10-10 - Version 30.0 is released with the fix
+- 2025-10-24 - Public Disclosure
+
+{% include references.md %}