Disclosure of the impact of an infinite loop bug in the miniupnp dependency

Disclosure of the impact of an infinite loop bug in the miniupnp dependency on
Bitcoin Core, a fix for which was released on September 14th, 2021 in Bitcoin
Core version v22.0.

This issue is considered Low severity.

Details

Miniupnp, the UPnP library used by Bitcoin Core, kept waiting during device
discovery for as long as it kept receiving data, whatever its content, from a
device on the network. In addition, it allocated memory for every new piece of
device information it received. An attacker on the local network could pose as
a UPnP device and keep sending bloated M-SEARCH replies to the Bitcoin Core
node until it ran out of memory.

Only users running with the -miniupnp option would have been affected by this
bug, as Miniupnp is otherwise turned off by default.
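The two behaviours described above, as an added example written for this page (a simplified, hypothetical discovery loop, not miniupnp's or Bitcoin Core's code): a loop whose wait is extended by every incoming reply and whose per-device accounting has no cap accepts an entire constructed flood, while a fixed deadline plus limits on device count and total bytes stops it early. The reply bodies, timings and limit values are constructed for the example; the actual limits used by the miniupnp fix are not shown here.

```c
#include <stdlib.h>
#include <string.h>

/* One simulated M-SEARCH reply: arrival time (ms after discovery began) and body.
 * Every input here is constructed for the example; nothing touches the network. */
struct reply { unsigned arrival_ms; const char *body; };

enum stop_reason { STOP_NO_MORE_DATA, STOP_DEADLINE, STOP_DEVICE_CAP, STOP_BYTE_CAP };

struct discovery {
    unsigned window_ms;      /* how long discovery may wait for replies */
    int      reset_on_data;  /* 1: each reply extends the wait (the bug); 0: fixed deadline */
    size_t   max_devices;    /* 0 = unbounded */
    size_t   max_bytes;      /* 0 = unbounded */
    size_t   count, bytes;   /* device records accepted and the memory they would occupy */
    enum stop_reason reason;
};

/* Consume replies in arrival order and stop as soon as any bound is hit. Memory is
 * only accounted for, not allocated: a real list would copy each accepted body. */
static void run_discovery(struct discovery *d, const struct reply *r, size_t n)
{
    unsigned deadline = d->window_ms;
    d->count = d->bytes = 0; d->reason = STOP_NO_MORE_DATA;
    for (size_t i = 0; i < n; i++) {
        if (r[i].arrival_ms > deadline) { d->reason = STOP_DEADLINE; return; }
        if (d->max_devices && d->count >= d->max_devices) { d->reason = STOP_DEVICE_CAP; return; }
        size_t len = strlen(r[i].body) + 1;             /* size of the would-be record */
        if (d->max_bytes && d->bytes + len > d->max_bytes) { d->reason = STOP_BYTE_CAP; return; }
        d->count++; d->bytes += len;
        if (d->reset_on_data) deadline = r[i].arrival_ms + d->window_ms; /* keeps waiting */
    }
}

/* Constructed flood: 1000 identical replies, one every 500 ms, from a pretend device. */
static enum stop_reason flood(int reset_on_data, size_t max_dev, size_t max_bytes, size_t *stored)
{
    static const char body[] = "HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.10:1900/desc.xml\r\n"
                               "ST: upnp:rootdevice\r\nUSN: uuid:constructed-example\r\n\r\n";
    enum { N = 1000, INTERVAL_MS = 500 };
    struct reply *r = malloc(N * sizeof *r);
    for (size_t i = 0; i < N; i++) { r[i].arrival_ms = (unsigned)(i * INTERVAL_MS); r[i].body = body; }
    struct discovery d = { .window_ms = 2000, .reset_on_data = reset_on_data,
                           .max_devices = max_dev, .max_bytes = max_bytes };
    run_discovery(&d, r, N);
    free(r);
    *stored = d.count;
    return d.reason;
}
```

With the wait reset on every reply and no caps, `flood(1, 0, 0, &n)` accepts all 1000 replies; with a fixed 2 s window, `flood(0, 64, 65536, &n)` stops after the five replies that arrived inside it.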

Attribution

Credit goes to Ronald Huveneers for reporting the infinite loop bug to the
miniupnp project, and to Michael Ford (Fanquake) for the report to the Bitcoin
Core project along with a PoC exploit to trigger an OOM and a pull request to
bump the dependency (containing the fix).

Timeline

2020-09-17 – Initial report of infinite loop bug to miniupnp by Ronald Huveneers
2020-10-13 – Initial report sent to security@bitcoincore.org by Michael Ford
2021-03-23 – Fix is merged (
2021-09-13 – v22.0 is released
2024-07-31 – Public disclosure