From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - In Bitcoin Core versions prior to v25.0, attackers could remotely crash Bitcoin Core nodes by triggering an assertion in the blocktxn message handling logic.
   - This issue is classified as "High" severity.

2. Vulnerability Details:
   - When receiving a block announcement, Bitcoin Core attempts to reconstruct the announced block using its own mempool and other available transactions.
   - If reconstruction fails due to missing transactions, it requests them from the announcing peer via a getblocktxn message.
   - The blocktxn message should contain the requested transactions.
   - The compact block protocol uses shortened transaction identifiers to reduce bandwidth. These short IDs are 6 bytes in size, leading to a low-probability collision during block reconstruction (i.e., transaction A having the same short ID as transaction B).
   - Collisions are detected when the Merkle root computed from the reconstructed transaction set does not match the Merkle root in the block announcement. Collisions should be handled, as they may occur accidentally, and are typically resolved by requesting the full block.

3. Vulnerability Impact:
   - Bitcoin Core creates a PartiallyDownloadedBlock instance upon receiving a new compact block.
   - If transactions are missing, this instance is retained until the corresponding blocktxn message is processed.
   - In the collision scenario described above, the full block is requested, but the PartiallyDownloadedBlock instance and other associated states related to the underlying block request remain unchanged.
   - This creates an opportunity for a second blocktxn message for the same block, triggering the FillBlock function to be called again. This violates the documented assertion that FillBlock should only be called once, resulting in a node crash.

4. Vulnerability Discovery and Fix:
   - On October 5, 2022, Niklas Gögge reported the issue.
   - On January 24, 2023, PR #26898 containing the fix was merged.
   - On May 25, 2023, Bitcoin Core 25.0 was released, including the fix.
   - Public disclosure occurred on October 9, 2024.

5. Vulnerability Disclosure:
   - Disclosure of CVE-2024-35202 was published on October 8, 2024.

6. Recommendation:
   - Bitcoin Core 28.0 has been released.

This information provides a detailed description of the CVE-2024-35202 vulnerability, including its impact, remediation process, and disclosure timeline.
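
The state handling described under "Vulnerability Impact", as a simplified C++ model added here; it is not Bitcoin Core's code and not the change made in PR #26898. `Node`, `PartialBlock`, `in_flight` and `drop_state_on_failure` are hypothetical names, the Merkle root check is reduced to a boolean, and an exception stands in for the assertion so that the retained-state case and a hardened case (state dropped after the failed attempt) can be compared.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <stdexcept>

enum class Fill { OK, MERKLE_MISMATCH };
enum class Action { BLOCK_ACCEPTED, FULL_BLOCK_REQUESTED, IGNORED_UNREQUESTED };

// Hypothetical stand-in for the per-block reconstruction state.
struct PartialBlock {
    bool filled = false;
    Fill FillBlock(bool merkle_matches) {
        // The call-once contract; the model throws where the node would assert.
        if (filled) throw std::logic_error("FillBlock called twice");
        filled = true;
        return merkle_matches ? Fill::OK : Fill::MERKLE_MISMATCH;
    }
};

struct Node {
    bool drop_state_on_failure = false;  // false: state retained; true: hardened
    std::map<uint64_t, std::unique_ptr<PartialBlock>> in_flight;  // by block id
    void OnCompactBlock(uint64_t block) {
        in_flight[block] = std::make_unique<PartialBlock>();
    }
    // merkle_matches abstracts the Merkle root comparison after reconstruction.
    Action OnBlockTxn(uint64_t block, bool merkle_matches) {
        auto it = in_flight.find(block);
        if (it == in_flight.end()) return Action::IGNORED_UNREQUESTED;
        if (it->second->FillBlock(merkle_matches) == Fill::OK) {
            in_flight.erase(it);
            return Action::BLOCK_ACCEPTED;
        }
        // Collision path: partial state must not outlive its single attempt.
        if (drop_state_on_failure) in_flight.erase(it);
        return Action::FULL_BLOCK_REQUESTED;
    }
};

// Replays: compact block, blocktxn with a Merkle mismatch, second blocktxn.
// Returns true if the second message broke the call-once contract.
bool SecondBlockTxnViolatesContract(bool drop_state_on_failure) {
    Node n;
    n.drop_state_on_failure = drop_state_on_failure;
    n.OnCompactBlock(1);  // constructed block id
    n.OnBlockTxn(1, false);
    try { n.OnBlockTxn(1, false); } catch (const std::logic_error&) { return true; }
    return false;
}
```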