Vulnerability in UPnP library used by Bitcoin Core !!

[achow101]

A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.

So the local network has to be compromised first.
And if the local network is compromised, you can be in big trouble even without this vulnerability.

I hope that I understood it right.

That is correct. If the node if on a large network like a company network, this means that someone could attack the node from during the network.

[Amph]

still it does not mean anything for casual users that are not even running a full node and their client is off most of the time

it's always the same story if your desktop is safe and fresh new, you are in a safebox, the only possibility would be that virus(forgot the name) that spread through security holes in the router

also what kind of attack already happened for this vulnerability? i assume none right?

[johnyj]

"It has been verified that the vulnerability can be used to crash the application at startup by running a malicious UPnP server on the local network." 

[saturn643]

"It has been verified that the vulnerability can be used to crash the application at startup by running a malicious UPnP server on the local network." 

A upnp server on the network can send to the node malicious data to crash Bitcoin Core.

I would like to test this, anyone have any idea how?