CVE-2014-4502
23.07.2014, 14:55
Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.Enginsight
| Vendor | Product | Version |
|---|---|---|
| bfgminer | bfgminer | 𝑥 ≤ 4.0.0 |
| sgminer_project | sgminer | 𝑥 ≤ 4.2.1 |
| sgminer_project | sgminer | 4.0.0 |
| sgminer_project | sgminer | 4.1.0 |
| sgminer_project | sgminer | 4.1.153 |
| sgminer_project | sgminer | 4.1.242 |
| sgminer_project | sgminer | 4.1.271 |
| sgminer_project | sgminer | 4.2.0 |
| bfgminer | bfgminer | 𝑥 ≤ 3.2.9 |
| bfgminer | bfgminer | 3.2.0 |
| bfgminer | bfgminer | 3.2.1 |
| bfgminer | bfgminer | 3.2.2 |
| bfgminer | bfgminer | 3.2.3 |
| bfgminer | bfgminer | 3.2.4 |
| bfgminer | bfgminer | 3.2.5 |
| bfgminer | bfgminer | 3.2.6 |
| bfgminer | bfgminer | 3.2.7 |
| bfgminer | bfgminer | 3.2.8 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bfgminer |
| ||||||||||||||||||||||||||
| cgminer |
|
Common Weakness Enumeration
References