Aixcoin Core

Aixcoin Core 29.3 released

Tue, 10 Feb 2026 00:00:00 +0000

Aixcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.

If you have any questions, please stop by the #aixcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

Aixcoin Core 30.2 released

Sat, 10 Jan 2026 00:00:00 +0000

Aixcoin Core version 30.2 is now available for download. See the release notes for more information about the bug fixes in this release.

If you have any questions, please stop by the #aixcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

Aixcoin Core 30.1 released

Fri, 02 Jan 2026 00:00:00 +0000

Aixcoin Core version 30.1 is now available for download. See the release notes for more information about the bug fixes in this release.

If you have any questions, please stop by the #aixcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

CVE-2025-46597 - Highly unlikely remote crash on 32-bit systems

Fri, 24 Oct 2025 00:00:00 +0000

Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Aixcoin Core v30.0.

This issue is considered Low severity.

Details

Before writing a block to disk, Aixcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.

This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

Attribution

Pieter Wuille discovered this bug and disclosed it responsibly.

Antoine Poinsot proposed and implemented a covert mitigation.

Timeline

2025-04-24 - Pieter Wuille reports the issue
2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
2025-06-26 - PR #32530 is merged into master
2025-09-04 - Version 29.1 is released with the fix
2025-10-10 - Version 30.0 is released with the fix
2025-10-24 - Public Disclosure

CVE-2025-46598 - CPU DoS from unconfirmed transaction processing

Fri, 24 Oct 2025 00:00:00 +0000

Disclosure of the details of a resource exhaustion issue when processing an unconfirmed transaction. A fix was released on October 10th 2025 in Aixcoin Core v30.0.

This issue is considered Low severity.

Details

An attacker could send specially-crafted unconfirmed transactions that would take a victim node a few seconds each to validate. The non-standard transactions would be rejected but not lead to a disconnection and the process could be repeated. This could be exploited to delay block propagation.

The issue was mitigated in multiple steps by reducing the validation time in different Script contexts.

Attribution

Antoine Poinsot reported this issue to the Aixcoin Core security mailing list.

Pieter Wuille, Anthony Towns and Antoine Poinsot implemented mitigations to reduce the worst case validation time of unconfirmed transactions.

Timeline

2025-04-25 - Antoine Poinsot reports the issue
2025-05-12 - Pieter Wuille opens PR #32473 to mitigate the worst case quadratic signature hashing in legacy Script context
2025-07-24 - Anthony Towns opens PR #33050 to mitigate the worst case hashing in Tapscript context
2025-07-30 - Antoine Poinsot opens PR #33105 to further mitigate the worst case in legacy Script context
2025-08-08 - PR #33105 is merged into master
2025-08-11 - PR #32473 is merged into master
2025-08-12 - PR #33050 is merged into master
2025-10-10 - Version 30.0 is released with the mitigations
2025-10-24 - Public Disclosure