CVE-2017-18350

Name of the Vulnerable Software and Affected Versions: bitcoind and Bitcoin-Qt versions prior to 0.15.1

Description: The issue results from an integer signedness error when an attacker-controlled SOCKS proxy server responds with an acknowledgement of an unexpected target domain name, leading to a stack-based buffer overflow. This occurs when the proxy server is used with bitcoind and Bitcoin-Qt.

Recommendations: For versions prior to 0.15.1, update to version 0.15.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of attacker-controlled SOCKS proxy servers until a patch is applied.