Stack-based Buffer Overflow in bitcoind and Bitcoin-Qt with Attacker-controlled SOCKS Proxy Server

Stack-based Buffer Overflow in bitcoind and Bitcoin-Qt with Attacker-controlled SOCKS Proxy Server

CVE-2017-18350 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.

Learn more about our Cis Benchmark Audit For Server Software.