CVE-2024-52917

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-52917

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52917.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-52917

Published

2024-11-18T04:15:04Z

Modified

2025-05-17T08:33:24Z

Summary

[none]

Details

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

References

https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

Affected packages

Git / github.com/bitcoin/bitcoin

Affected ranges

Type: GIT
Repo: https://github.com/bitcoin/bitcoin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a0988140b71485ad12c3c3a4a9573f7c21b1eff8