{"id":"CVE-2024-34149","details":"In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).","modified":"2026-04-10T05:12:50.163901Z","published":"2024-04-30T23:15:06.703Z","references":[{"type":"FIX","url":"https://github.com/bitcoin/bitcoin/pull/29769"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bitcoin/bitcoin","events":[{"introduced":"0"},{"last_affected":"d82283950f5ff3b2116e705f931c6e89e5fdd0be"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"27.0"}]}}],"versions":["noversion","v0.3.1","v0.3.11_notexact","v0.3.1rc1","v0.3.2","v0.3.20","v0.3.20.01_closest","v0.3.20.2_closest","v0.3.21","v0.3.21rc","v0.3.22","v0.3.22rc1","v0.3.22rc2","v0.3.22rc3","v0.3.22rc4","v0.3.23","v0.3.23rc1","v0.3.24","v0.3.24rc1","v0.3.24rc2","v0.3.24rc3","v0.3.3","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.4.00rc1","v0.4.00rc2","v0.5.0","v0.5.0rc1","v0.5.0rc2","v0.5.0rc4","v0.5.0rc5","v0.5.0rc6","v0.5.0rc7","v0.5.1","v0.5.1rc1","v0.5.1rc2","v0.6.0","v0.6.0rc1","v0.6.0rc2","v0.6.0rc3","v0.6.0rc4","v0.6.0rc5","v0.6.0rc6","v0.6.1","v0.6.1rc1","v0.6.1rc2","v0.7.0","v0.7.0rc1","v0.7.0rc2","v0.7.0rc3","v0.7.1","v0.7.1rc1","v0.8.0","v0.8.0rc1","v0.8.2","v0.8.2rc1","v0.8.2rc2","v0.8.2rc3","v0.9.0rc1","v0.9.0rc2","v21.99-guixtest1","v27.0","v27.0rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"25.1.knots20231115"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34149.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}