
Cloud Vulnerability DB
A community-led vulnerabilities database
bitcoind and Bitcoin-Qt prior to 0.15.1 contain a stack-based buffer overflow vulnerability when using an attacker-controlled SOCKS proxy server. The vulnerability stems from an integer signedness error that occurs when the proxy server responds with an acknowledgement of an unexpected target domain name (NVD).
The vulnerability was introduced in April 2012 with the implementation of SOCKS5 support. When the node makes a connection request and a malicious proxy responds with an acknowledgement whose target domain name length has the high bit set (128-255), the length is interpreted as a negative number. When that negative number is passed to the recv() system call, it is converted back to an unsigned (positive) 32-bit number, resulting in an effectively infinite read into and beyond the 256-byte dummy stack buffer (Dashjr Disclosure).
The vulnerability allows a malicious SOCKS proxy server to overwrite the program stack on systems with a signed char type, including common 32-bit and 64-bit x86 PCs. This is particularly concerning for nodes configured to use a proxy over an insecure network like the Internet, as connections could be intercepted for exploitation (Dashjr Disclosure).
The vulnerability was fixed in Bitcoin Core v0.15.1, released on November 9, 2017. The fix involved changing the dummy buffer to an explicitly unsigned data type, preventing the conversion to/from a negative number. Users should upgrade to version 0.15.1 or later to protect against this vulnerability (Dashjr Disclosure).
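
The signedness error and the fix described above can be reproduced without any network code. The following is an added example, not Bitcoin Core's source: the function names and the sample reply headers are constructed for illustration, and the header layout (VER, REP, RSV, ATYP, length) follows the SOCKS5 reply format in RFC 1928.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DUMMY_BUF_SIZE 256   /* dummy stack buffer size given in the text */
#define ATYP_DOMAIN    0x03  /* SOCKS5 address type: domain name (RFC 1928) */

/* Pre-fix pattern: the reply header sits in a signed char buffer, so a
 * length byte of 128-255 reads back negative and is sign-extended when
 * widened to the size_t length argument that recv() takes. */
size_t domain_len_signed(const uint8_t reply[5]) {
    signed char hdr[5];
    memcpy(hdr, reply, sizeof hdr);
    return (size_t)hdr[4];
}

/* Post-fix pattern: an explicitly unsigned buffer keeps the value in 0..255. */
size_t domain_len_unsigned(const uint8_t reply[5]) {
    unsigned char hdr[5];
    memcpy(hdr, reply, sizeof hdr);
    return (size_t)hdr[4];
}

/* Bounds check a caller can apply before reading into the dummy buffer. */
int fits_dummy_buffer(size_t len) {
    return len <= DUMMY_BUF_SIZE;
}

int main(void) {
    /* Constructed reply headers: VER, REP, RSV, ATYP, domain length. */
    const uint8_t replies[][5] = {
        {0x05, 0x00, 0x00, ATYP_DOMAIN, 0x10},
        {0x05, 0x00, 0x00, ATYP_DOMAIN, 0x7F},
        {0x05, 0x00, 0x00, ATYP_DOMAIN, 0x80},
        {0x05, 0x00, 0x00, ATYP_DOMAIN, 0xFF},
    };
    for (size_t i = 0; i < sizeof replies / sizeof replies[0]; i++) {
        size_t s = domain_len_signed(replies[i]);
        size_t u = domain_len_unsigned(replies[i]);
        printf("len byte 0x%02X: signed buf -> %zu (%s), unsigned buf -> %zu (%s)\n",
               (unsigned)replies[i][4],
               s, fits_dummy_buffer(s) ? "fits" : "overruns",
               u, fits_dummy_buffer(u) ? "fits" : "overruns");
    }
    return 0;
}
```

The example uses `signed char` explicitly so the result is the same on every platform; with plain `char`, the pre-fix behaviour appears only where `char` is signed, which matches the affected systems named above.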
Source: This report was generated using AI