2.2 KiB
| title | shorturl | active | bannerclass |
|---|---|---|---|
| Vulnerability in UPnP library used by Bitcoin Core | upnp-vulnerability | true | alert |
Summary
Either
- turn off the checkbox in the GUI under Options → Network → Map port using UPNP (see above)
- add
-upnp=0to the command line options - add the line
upnp=0to yourbitcoin.conffile
Alternatively, upgrade to a version of Bitcoin Core at least 0.10.3 or 0.11.1. These versions upgrade the library to a non-vulnerable version, as well as have upnp disabled by default to prevent this problem in the future.
Details
Version before 1.9.20151008 of the miniupnpc library are vulnerable to a buffer overflow in the XML parser during initial network discovery. The vulnerable code triggers at startup of Bitcoin Core if upnp is enabled.
Details of the vulnerability can be found here: http://talosintel.com/reports/TALOS-2015-0035/
It has been verified that the vulnerability can be used to crash the application at startup.
To have more connectable nodes, the Bitcoin Core executables distributed by bitcoin.org include the library and have always had UPnP functionality enabled by default.
This applies to the distributed executables only, not when building from source or
using distribution provided packages. Self-built executables have UPnP disabled
by default, unless --enable-upnp-default was provided to the configure script.
Releases starting from 0.10.3 and 0.11.1, and the upcoming 0.12.0 will still ship with (a patched version) of the library, but no longer enable the functionality by default.
Mitigation
Bitcoin Core executables are compiled with Address Space Layout Randomization (ASLR), Stack Smashing Protection (SSP), and non-executable stack and heap (DEP) enabled. This makes it harder to use this vulnerability for remote code execution or private key leaks. However, it is still advised to upgrade, or if not possible, disable UPnP as soon as possible.