Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Disclosure of the impact of an infinite loop bug in the miniupnp dependency on
Bitcoin Core, a fix for which was released on September 14th, 2021 in Bitcoin
Core version v22.0.
This issue is considered Low severity.
Details
Miniupnp, the UPnP library used by Bitcoin Core, would be waiting upon
discovery for as long as it receives random data from a device on the network.
In addition it would allocate memory for every new device information. An
attacker on the local network could pretend to be a UPnP device and keep
sending bloated M-SEARCH replies to the Bitcoin Core node until it runs out of
memory.
Only users running with the -miniupnp
option would have been
affected by this bug as Miniupnp is otherwise turned off by default.
Attribution
Credit goes to Ronald Huveneers for reporting the infinite loop bug to the
miniupnp project, and to Michael Ford (Fanquake) for the report to the Bitcoin
Core project along with a PoC exploit to trigger an OOM and a pull request to
bump the dependency (containing the fix).
Timeline
- 2020-09-17 - Initial report of infinite loop bug to miniupnp by Ronald Huveneers
- 2020-10-13 - Initial report sent to security@bitcoincore.org by Michael Ford
- 2021-03-23 - Fix is merged (https://github.com/bitcoin/bitcoin/pull/20421)
- 2021-09-13 - v22.0 is released
- 2024-07-31 - Public disclosure
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.