CVE-2024-52917: 
Bitcoin Core vulnerability analysis and mitigation

Bitcoin Core before version 22.0 contains a vulnerability in its miniupnp dependency that allows for an infinite loop condition. The vulnerability (CVE-2024-52917) was discovered where the software allocates memory based on random data received over the network, specifically through large M-SEARCH replies from a fake UPnP device. This issue affects users running Bitcoin Core with the -miniupnp option enabled (Bitcoin Core).

The vulnerability exists in the UPnP library (miniupnp) used by Bitcoin Core. When processing device discovery, the software would continue waiting as long as it receives random data from a network device. Additionally, it would allocate memory for each new device information received. The vulnerability is only exploitable when Bitcoin Core is run with the -miniupnp option, as UPnP functionality is disabled by default. The issue has been assigned a CVSS 3.1 Base Score of 6.5 (MEDIUM) with vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

An attacker on the local network could exploit this vulnerability by impersonating a UPnP device and continuously sending bloated M-SEARCH replies to a Bitcoin Core node. This would cause the node to keep allocating memory until it eventually runs out of memory (OOM), resulting in a denial of service condition (Bitcoin Core).

The vulnerability was fixed in Bitcoin Core version 22.0, released on September 13, 2021. Users should upgrade to this version or later to address the issue. As a workaround, users can also disable UPnP functionality (which is disabled by default) to prevent exploitation (Bitcoin Core).