CVE-2024-52917

Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 22.0

Description: The issue is related to an infinite loop in the miniupnp component, where memory is allocated based on random data received over the network, such as large M-SEARCH replies from a fake UPnP device. This can lead to an infinite loop.

Recommendations: For versions prior to 22.0, update to version 22.0 or later to resolve the issue. As a temporary workaround, consider disabling the UPnP functionality until a patch is available. Restrict access to the network to minimize the risk of exploitation by fake UPnP devices.