Posted by Gustav Simonsson on October 10, 2015
![Security Advisory [eth (cpp-ethereum) potentially vulnerable if running with UPnP enabled]](https://wps.hkprog.org/storage/posts/images/5a11bdeb24a7f268f30a3a5cae9d3cf6d3b19e1e.webp)
Affected configurations: Issue reported for eth (cpp-ethereum).Likelihood: MediumSeverity: HighImpact: Potentially achieve remote code execution on a machine running eth (cpp-ethereum)Details:A vulnerability found in the MiniUPnP library can potentially affect eth clients running with UPnP enabled. Effects on expected chain reorganisation depth: noneRemedial action taken by Ethereum: We are verifying whether this can indeed affect cpp-ethereum and will post an update shortly.Proposed temporary workaround: Only run eth (cpp-ethereum) with UPNP disabledby passing --upnp off to eth.ADVISORY: Disable UPnP if running the eth client (cpp-ethereum).
0 Comments
Log in to join the conversation.No comments yet. Be the first to share your thoughts.