tl;dr https://pastebin.com/raw/qr8XWFkR - you f*cking ping faster than it pongs. this wasn't discovered until recently. sad.
i put this together. it also contains a mode for CVE-2023-33297 ('headers') which was recently patched - although i wasn't given credit because i have haters @ bitcoin-core and blockstream. they kinda run the show now. i'm even banned from contributing to the bitcoin-core github. much decentralization.
how to reproduce the vulnerability yourself:
1. install bitcoin
2. ./bitcoind
3. edit your ip into attack.go: https://pastebin.com/raw/qr8XWFkR
4. save attack.go
5. snap install go --classic
6. go build attack.go
7. ./attack
8. slow oom crash - enjoy the fireworks
screenshot: https://i.imgur.com/DA80ORS.png
happy to answer any questions
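
Added example from the defending node's side (not part of the original post, and not Bitcoin Core code): a per-peer cap on unanswered pings, so a peer that pings faster than it is ponged gets disconnected instead of growing a reply backlog. It assumes the memory growth comes from replies queuing faster than they are flushed, which the post implies but does not spell out; `BacklogGuard`, `Event` and the `pong_sent` signal are hypothetical names.

```go
package main

import "fmt"

// Event is a constructed observation: "ping" received from a peer, or "pong_sent" once the reply is flushed.
type Event struct{ Peer, Kind string }

// BacklogGuard (hypothetical, not a Bitcoin Core type) caps unanswered pings per peer.
type BacklogGuard struct {
	MaxPending int
	pending    map[string]int
	dropped    map[string]bool
}

func NewBacklogGuard(limit int) *BacklogGuard { return &BacklogGuard{limit, map[string]int{}, map[string]bool{}} }

// Observe updates the peer's backlog and reports whether to disconnect it.
func (g *BacklogGuard) Observe(e Event) bool {
	if g.dropped[e.Peer] {
		return true // already dropped: keep refusing this peer
	}
	if e.Kind == "ping" {
		g.pending[e.Peer]++
	} else if e.Kind == "pong_sent" && g.pending[e.Peer] > 0 {
		g.pending[e.Peer]--
	}
	if g.pending[e.Peer] > g.MaxPending {
		g.dropped[e.Peer] = true
		delete(g.pending, e.Peer) // free the counter held for the dropped peer
		return true
	}
	return false
}

// Flagged replays a stream and returns the peers to drop, in the order first flagged.
func Flagged(g *BacklogGuard, events []Event) []string {
	var out []string
	for _, e := range events {
		if !g.dropped[e.Peer] && g.Observe(e) {
			out = append(out, e.Peer)
		}
	}
	return out
}

func main() {
	ev := []Event{{"peer-a", "ping"}, {"peer-a", "pong_sent"}, {"peer-b", "ping"}, {"peer-b", "ping"}, {"peer-b", "ping"}} // constructed sample
	fmt.Println(Flagged(NewBacklogGuard(2), ev))
}
```

The cap bounds what a single connection can make the node hold; it does not replace limits on the total size of the outbound queue.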