Vulnerability Description
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitcoin | Bitcoin Core | < 22.0 |
Related Weaknesses (CWE)
References
- https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/Vendor Advisory
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_ExposuresThird Party Advisory
FAQ
What is CVE-2024-52917?
CVE-2024-52917 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
How severe is CVE-2024-52917?
CVE-2024-52917 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-52917?
Check the references section above for vendor advisories and patch information. Affected products include: Bitcoin Bitcoin Core.