CVE-2023-50428

Name: CVE-2023-50428
Creator: NVD / NIST
Published: 2023-12-09T19:15:07.977+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.78%

Last modified Jun 17, 2026

CVE-2023-50428 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug.". EPSS estimates a 0.78% chance of exploitation in the next 30 days.

Description

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug."

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability

0.78%

51.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Bitcoin	Bitcoin Core	>= 0.9, <= 26.0
Bitcoinknots	Bitcoin Knots	>= 0.9, < 25.1

References

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresThird Party Advisory
https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53
https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799Issue Tracking
https://github.com/bitcoin/bitcoin/tagsProduct
https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.mdRelease Notes
https://twitter.com/LukeDashjr/status/1732204937466032285Issue Tracking, Third Party Advisory
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresThird Party Advisory
https://github.com/bitcoin/bitcoin/blob/65c05db660b2ca1d0076b0d8573a6760b3228068/src/kernel/mempool_options.h#L46-L53
https://github.com/bitcoin/bitcoin/pull/28408#issuecomment-1844981799Issue Tracking
https://github.com/bitcoin/bitcoin/tagsProduct
https://github.com/bitcoinknots/bitcoin/blob/aed49ce8989334c364a219a6eb016a3897d4e3d7/doc/release-notes.mdRelease Notes
https://twitter.com/LukeDashjr/status/1732204937466032285Issue Tracking, Third Party Advisory

Timeline

Published: Dec 9, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-50428?

How severe is CVE-2023-50428?

CVE-2023-50428 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.78% probability of exploitation in the next 30 days.

How do I fix CVE-2023-50428?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-50428?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST