CVE-2015-20111
📋 TL;DR
This vulnerability in the miniupnp library allows a buffer overflow because the return value of snprintf is not checked, leading to significant data leaks. In Bitcoin Core before version 0.12, it could enable remote code execution when combined with CVE-2015-6031. Affected systems include Bitcoin Core and any products using vulnerable miniupnp versions.
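The bug class named above, shown as an added example (constructed code, not taken from miniupnp or Bitcoin Core): snprintf returns the length the full output would have had, so a caller that uses that value as a length or offset without checking it against the buffer size reads or writes past the end. The buffer size, function names and the `HOST:` format string are assumptions made for the demonstration.

```c
/* Constructed illustration of the bug class; not code from miniupnp. */
#include <stdio.h>
#include <stddef.h>

#define BUF_CAP 16   /* hypothetical buffer size chosen for the demo */

/* Unsafe: treats snprintf's return value as the number of bytes in buf.
 * snprintf returns the length the full output WOULD have had, so on
 * truncation the result is larger than the buffer. */
static size_t claimed_len_unchecked(const char *host)
{
    char buf[BUF_CAP];
    int n = snprintf(buf, sizeof buf, "HOST: %s\r\n", host);
    return (size_t)n;
}

/* Hardened: reject output errors and truncation before using the length. */
static int build_checked(char *buf, size_t cap, const char *host, size_t *out_len)
{
    int n = snprintf(buf, cap, "HOST: %s\r\n", host);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    *out_len = (size_t)n;
    return 0;
}

int main(void)
{
    const char *long_host = "192.168.100.200";  /* constructed input */
    char buf[BUF_CAP];
    size_t len = 0;

    printf("unchecked length: %zu (buffer holds %d)\n",
           claimed_len_unchecked(long_host), BUF_CAP);
    printf("checked, long host: %d\n",
           build_checked(buf, sizeof buf, long_host, &len));
    printf("checked, short host: %d\n",
           build_checked(buf, sizeof buf, "a", &len));
    return 0;
}
```

When auditing code that links against the library, look for snprintf results used in pointer arithmetic, memcpy lengths or send sizes without a preceding `n < 0 || n >= size` test.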
💻 Affected Systems
- Bitcoin Core
- miniupnp
- products using miniupnp library
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, and potential cryptocurrency wallet compromise in Bitcoin Core systems.
Likely Case
Buffer overflow causing data leaks, service disruption, and potential privilege escalation.
If Mitigated
Limited impact with proper network segmentation and UPnP disabled.
🎯 Exploit Status
Exploitation requires specific conditions but has been weaponized for Bitcoin Core systems. The vulnerability is in a widely used library affecting multiple products.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: miniupnp commit 4c90b87 or later, Bitcoin Core 0.12 or later
Vendor Advisory: https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce/
Restart Required: Yes
Instructions:
1. Update miniupnp to commit 4c90b87 or later.
2. For Bitcoin Core, upgrade to version 0.12 or later.
3. Restart affected services after patching.
🔧 Temporary Workarounds
Disable UPnP
Disable Universal Plug and Play functionality in affected applications
For Bitcoin Core: bitcoin-qt -upnp=0 or add upnp=0 to bitcoin.conf
Network Segmentation
Isolate systems running vulnerable software from untrusted networks
🧯 If You Can't Patch
- Disable UPnP functionality completely on affected systems
- Implement strict network access controls and firewall rules to limit exposure
🔍 How to Verify
Check if Vulnerable:
Check the miniupnp version: if you are using a commit before 4c90b87, or a Bitcoin Core version before 0.12, the system is vulnerable.
Check Version:
For Bitcoin Core: bitcoin-cli --version. For miniupnp: check git commit hash or library version.
Verify Fix Applied:
Verify miniupnp is at commit 4c90b87 or later, or Bitcoin Core is version 0.12 or later.
📡 Detection & Monitoring
Log Indicators:
- Buffer overflow errors in application logs
- Unexpected UPnP traffic patterns
- Crash dumps from miniupnp processes
Network Indicators:
- Unusual UPnP discovery requests
- Exploit traffic patterns targeting port 1900/udp
SIEM Query:
source="application_logs" AND ("buffer overflow" OR "miniupnp" OR "UPnP") AND severity=HIGH