Affected configurations: Issue reported for eth (cpp-ethereum).</section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody">Likelihood: Medium</section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody">Severity: High</section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody">Impact: Potentially achieve remote code execution on a machine running eth (cpp-ethereum)</section><section class="postbody"></section><section class="postbody"></section><section class="postbody">Details:</section>A vulnerability found in the MiniUPnP library can potentially affect eth clients running with UPnP enabled.

Effects on expected chain reorganisation depth: none</section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody">Remedial action taken by Ethereum: We are verifying whether this can indeed affect cpp-ethereum and will post an update shortly.</section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody">Proposed temporary workaround: Only run eth (cpp-ethereum) with UPNP disabledby passing –upnp off to eth.</section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody"></section><section class="postbody">ADVISORY: Disable UPnP if running the eth client (cpp-ethereum). </section>