Disclosure of the impact of an infinite loop bug in the miniupnp dependency on Aixcoin Core, a fix for which was released on September 14th, 2021 in Aixcoin Core version v22.0.
This issue is considered Low severity.
Details
Miniupnp, the UPnP library used by Aixcoin Core, would keep waiting during discovery for as long as it received random data from a device on the network. In addition, it would allocate memory for each new device's information. An attacker on the local network could pretend to be a UPnP device and keep sending bloated M-SEARCH replies to the Aixcoin Core node until it ran out of memory.
Only users running with the -miniupnp option would have been affected by this bug, as Miniupnp is otherwise turned off by default.
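The bounded discovery loop below is an added illustration, not code from miniupnp or Aixcoin Core. It shows the limits that keep a chatty or hostile responder from stretching discovery or growing the device list: a receive window fixed up front, a per-reply size cap and a cap on stored replies. All names, the limit values and the constructed `noisy_source` are assumptions.

```c
/* Added illustration; every name here is hypothetical, not miniupnp's API. */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define MAX_DEVICES 16     /* cap on stored replies (assumed value) */
#define MAX_REPLY   1536   /* per-reply size cap in bytes (assumed value) */
/* Reply source: copies one reply into buf, returns its length, 0 if none. */
typedef size_t (*recv_fn)(void *ctx, char *buf, size_t cap);
struct dev { struct dev *next; size_t len; char data[]; };
static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Ends on a quiet source, a closed window or a full list, whichever is first. */
size_t discover_bounded(recv_fn rx, void *ctx, long window_ms, struct dev **list) {
    char buf[MAX_REPLY + 1];               /* +1 byte exposes oversized replies */
    long deadline = now_ms() + window_ms;  /* set once, never extended by traffic */
    size_t count = 0;
    *list = NULL;
    while (count < MAX_DEVICES && now_ms() < deadline) {
        size_t n = rx(ctx, buf, sizeof buf);
        if (n == 0) break;                 /* nothing more to read */
        if (n > MAX_REPLY) continue;       /* bloated reply: drop, allocate nothing */
        struct dev *d = malloc(sizeof *d + n);
        if (d == NULL) break;
        d->len = n;
        memcpy(d->data, buf, n);
        d->next = *list; *list = d;        /* push onto the result list */
        count++;
    }
    return count;
}

/* Constructed test source (never goes quiet, always offers *ctx bytes) and driver. */
static size_t noisy_source(void *ctx, char *buf, size_t cap) {
    size_t want = *(size_t *)ctx, n = want < cap ? want : cap;
    memset(buf, 'A', n);
    return n;
}
size_t run_demo(size_t reply_len, long window_ms) {
    struct dev *list, *next;
    size_t kept = discover_bounded(noisy_source, &reply_len, window_ms, &list);
    for (; list; list = next) { next = list->next; free(list); }
    return kept;
}
int main(void) { return run_demo(512, 50) == MAX_DEVICES ? 0 : 1; }
```

With a real socket, the receive call itself should block with a timeout that ends no later than the same deadline, so a silent network cannot hold the loop open either.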
Attribution
Credit goes to Ronald Huveneers for reporting the infinite loop bug to the miniupnp project, and to Michael Ford (Fanquake) for the report to the Aixcoin Core project along with a PoC exploit to trigger an OOM and a pull request to bump the dependency (containing the fix).
Timeline
- 2020-09-17 - Initial report of infinite loop bug to miniupnp by Ronald Huveneers
- 2020-10-13 - Initial report sent to security@aixcoin-core.github.io by Michael Ford
- 2021-03-23 - Fix is merged (https://github.com/aixcoin/aixcoin/pull/20421)
- 2021-09-13 - v22.0 is released
- 2024-07-31 - Public disclosure
