CVE-2017-18350

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
bitcoinbitcoin_core
𝑥
< 0.15.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
https://medium.com/%40lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5