Unknown · Bitcoin Core · CVE-2024-52917
Name of the Vulnerable Software and Affected Versions:
Bitcoin Core versions prior to 22.0
Description:
The issue is an infinite loop in the miniupnp component, in which memory is allocated based on random data received over the network, such as large M-SEARCH replies from a fake UPnP device.
Recommendations:
For versions prior to 22.0, update to version 22.0 or later to resolve the issue. As a temporary workaround, consider disabling the UPnP functionality until a patch is available. Restrict network access to minimize the risk of exploitation by fake UPnP devices.