CVE-2021-3401

Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 0.19.0

Description: The issue might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program. This could be demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. The discoverer notes that they believe this issue cannot actually be exploited.

Recommendations: For versions prior to 0.19.0, update to version 0.19.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the -platformpluginpath argument in the bitcoin-qt program to minimize the risk of exploitation.