According to PANews, the Bitcoin Core development team has addressed a disk-filling vulnerability that has affected full node operators for five years. This flaw allowed attackers to exploit malicious log commands, such as LogPrintf, LogInfo, LogWarning, or LogError, causing continuous redundant data writing to node hard drives. This posed significant risks to mechanical hard drive nodes and could degrade flash device performance.
The fix was implemented through PR 32604, merged into the main branch by experienced developer Gloria Zhao. The submission passed 19 checks without opposition. Developers anticipate that once the patch is widely adopted with the new Bitcoin Core version, disk-filling attacks will be eradicated. The latest version of Bitcoin Core, 29.0, was released on April 14, and Core versions typically receive updates every few months. As a voluntary software package that does not allow automatic updates, full node operators must manually upgrade their software. Currently, about 16% of node operators are running version 29.0, while others continue to use older versions.
