CVE-2017-18350

Source
https://cve.org/CVERecord?id=CVE-2017-18350
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18350.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-18350
Published
2020-03-12T21:15:12.373Z
Modified
2026-07-08T11:49:33.598556Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.

References

Affected packages

Git / github.com/bitcoin/bitcoin

Affected ranges

Type
GIT
Repo
https://github.com/bitcoin/bitcoin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.15.1"
        }
    ],
    "cpe": "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*"
}

Affected versions

Other
noversion
v0.*
v0.15.0
v0.15.0.1
v0.15.0rc1
v0.15.0rc2
v0.15.0rc3
v0.15.1rc1
v0.3.1
v0.3.11_notexact
v0.3.1rc1
v0.3.2
v0.3.20
v0.3.20.01_closest
v0.3.20.2_closest
v0.3.21
v0.3.21rc
v0.3.22
v0.3.22rc1
v0.3.22rc2
v0.3.22rc3
v0.3.22rc4
v0.3.23
v0.3.23rc1
v0.3.24
v0.3.24rc1
v0.3.24rc2
v0.3.24rc3
v0.3.3
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.00rc1
v0.4.00rc2
v0.5.0
v0.5.0rc1
v0.5.0rc2
v0.5.0rc4
v0.5.0rc5
v0.5.0rc6
v0.5.0rc7
v0.5.1
v0.5.1rc1
v0.5.1rc2
v0.6.0
v0.6.0rc1
v0.6.0rc2
v0.6.0rc3
v0.6.0rc4
v0.6.0rc5
v0.6.0rc6
v0.6.1
v0.6.1rc1
v0.6.1rc2
v0.7.0
v0.7.0rc1
v0.7.0rc2
v0.7.0rc3
v0.7.1
v0.7.1rc1
v0.8.0
v0.8.0rc1
v0.8.2
v0.8.2rc1
v0.8.2rc2
v0.8.2rc3
v0.9.0rc1
v0.9.0rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18350.json"