CVE-2025-46597 - Highly unlikely remote crash on 32-bit systems

Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the nodeto crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix wasreleased on October 10th 2025 in Bitcoin Core v30.0. This issue is considered Low severity. Details Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. Thischeck would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing itto disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as acompact block if the victim node has a non-default large mempool which already contains 1GB oftransactions. This would require the victim to have set their -maxmempool option to a valuegreater than 3GB, while 32-bit systems may have at most 4GiB of memory. This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on32-bit systems. Attribution Pieter Wuille discovered this bug and disclosed it responsibly. Antoine Poinsot proposed and implemented a covert mitigation. Timeline 2025-04-24 - Pieter Wuille reports the issue 2025-05-16 - Antoine Poinsot opens PR #32530 witha covert fix 2025-06-26 - PR #32530 is merged into master 2025-09-04 - Version 29.1 is released with the fix 2025-10-10 - Version 30.0 is released with the fix 2025-10-24 - Public Disclosure