Infinite Loop in Bitcoin Core Before 22.0 Allows for Memory Allocation Based on Random Network Data
CVE-2024-52917

Currently unrated

Key Information:

Vendor: Bitcoin Core
Status: Bitcoin Core
Vendor: CVE Published:; 18 November 2024

🔔 Create Bitcoin Core Vulnerability Alert

What is CVE-2024-52917?

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

References

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exp...

https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Nov 18, 2024