Published: 23/07/2014 Updated: 28/08/2015

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple heap-based buffer overflows in the parse_notify function in sgminer prior to 4.2.2, cgminer prior to 4.3.5, and BFGMiner prior to 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bfgminer bfgminer
sgminer project sgminer 4.0.0
sgminer project sgminer 4.2.0
sgminer project sgminer 4.1.271
sgminer project sgminer 4.1.242
sgminer project sgminer 4.1.153
sgminer project sgminer
sgminer project sgminer 4.1.0
bfgminer bfgminer 3.2.2
bfgminer bfgminer 3.2.0
bfgminer bfgminer 3.2.7
bfgminer bfgminer 3.2.6
bfgminer bfgminer 3.2.5
bfgminer bfgminer 3.2.4
bfgminer bfgminer 3.2.8
bfgminer bfgminer 3.2.3
bfgminer bfgminer 3.2.1

CWE-119 http://seclists.org/fulldisclosure/2014/Jul/119 https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e https://github.com/sgminer-dev/sgminer/issues/258 https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9 http://www.securityfocus.com/bid/68831 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-4502

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect