CVE-2017-18350

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-18350

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18350.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-18350

Published

2020-03-12T21:15:12Z

Modified

2025-02-19T00:58:42Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.

References

Affected packages

Git / github.com/bitcoin/bitcoin

Affected ranges

Type: GIT
Repo: https://github.com/bitcoin/bitcoin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7b57bc998f334775b50ebc8ca5e78ca728db4c58