CVE-2024-52917 Information

Description

Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network e.g. large M-SEARCH replies from a fake UPnP device.

Reference

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/