CVE-2024-52913 is a vulnerability identified in Bitcoin Core versions prior to 0.21.0, involving improper handling of transaction re-requests. Bitcoin Core nodes maintain a mempool of unconfirmed transactions, which are propagated and requested among peers to ensure network consensus and transaction visibility. This vulnerability arises because the node mishandles re-requests for specific unconfirmed transactions, allowing an attacker to prevent the node from seeing those transactions. The flaw does not compromise transaction confidentiality or integrity but impacts availability by causing selective denial of transaction visibility. The vulnerability is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling), indicating a resource management issue that can be exploited to disrupt normal operation. Exploitation requires no privileges or user interaction and can be performed remotely by connecting to the node and manipulating transaction requests. The CVSS v3.1 base score is 5.3, reflecting a medium severity with network attack vector, low complexity, no privileges required, and no user interaction. No patches or exploit code are currently publicly available, but the issue is documented and should be addressed by upgrading to Bitcoin Core 0.21.0 or later, where the transaction re-request handling has been corrected.

The primary impact of this vulnerability is on the availability of unconfirmed transaction data within affected Bitcoin Core nodes. Attackers can selectively prevent nodes from seeing specific unconfirmed transactions, potentially delaying or disrupting transaction propagation and confirmation. This can degrade the reliability of the Bitcoin network by causing inconsistent mempool states among nodes, which may affect transaction processing times and network consensus efficiency. For organizations relying on Bitcoin Core nodes for transaction validation, payment processing, or blockchain analysis, this could lead to operational disruptions and reduced trust in transaction data accuracy. While the vulnerability does not allow theft or modification of transactions, the denial of transaction visibility could be leveraged in broader attack scenarios, such as double-spending attempts or network partitioning strategies. The lack of known exploits in the wild reduces immediate risk, but the widespread use of Bitcoin Core and the critical role of transaction propagation in blockchain integrity make timely mitigation important.

To mitigate CVE-2024-52913, organizations should upgrade all Bitcoin Core nodes to version 0.21.0 or later, where the transaction re-request mishandling has been fixed. Running up-to-date software is the most effective defense. Additionally, network-level monitoring should be implemented to detect unusual patterns of transaction requests or anomalies in mempool synchronization that could indicate exploitation attempts. Operators can also restrict peer connections to trusted nodes or use firewall rules to limit exposure to untrusted peers, reducing the attack surface. Regularly auditing node logs for errors related to transaction requests and mempool inconsistencies can help identify exploitation attempts early. Finally, maintaining a robust incident response plan for blockchain node anomalies will improve resilience against this and similar vulnerabilities.