PT-2014-5934 · Sgminer+2

Mick Ayzenberg · Published 2014-07-23 · Updated 2014-07-23 · CVE-2014-4501

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
sgminer versions prior to 4.2.2
cgminer versions prior to 4.3.5
BFGMiner versions prior to 3.3.0

Description
Multiple stack-based buffer overflows exist in the extract_sockaddr and parse_reconnect functions in util.c. A remote pool server can trigger them by sending a long URL in a client.reconnect stratum message, potentially with unspecified impact.

Recommendations
For sgminer versions prior to 4.2.2, update to version 4.2.2 or later.
For cgminer versions prior to 4.3.5, update to version 4.3.5 or later.
For BFGMiner versions prior to 3.3.0, update to version 3.3.0 or later.
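
The class of fix for this kind of bug is to check the length of the server-supplied URL before copying it into fixed-size stack buffers. The sketch below is an added example, not code from sgminer, cgminer or BFGMiner: the helper name split_pool_url, the buffer sizes and the sample URL are assumptions, and IPv6 literals are rejected rather than parsed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 254  /* assumed cap: longest DNS name plus NUL */
#define PORT_MAX 6    /* "65535" plus NUL */

/* Hypothetical helper: split "[scheme://]host[:port]" into fixed-size
 * buffers, refusing anything that would not fit instead of copying it. */
bool split_pool_url(const char *url, char host[HOST_MAX], char port[PORT_MAX])
{
    const char *p, *colon, *end;
    size_t host_len, port_len;

    if (url == NULL)
        return false;
    p = strstr(url, "://");
    p = p ? p + 3 : url;                        /* skip optional scheme */
    end = p + strcspn(p, "/");                  /* stop at a path, if any */
    colon = memchr(p, ':', (size_t)(end - p));
    host_len = (size_t)((colon ? colon : end) - p);
    if (host_len == 0 || host_len >= HOST_MAX)
        return false;                           /* length check before the copy */
    port_len = 0;                               /* no port given: empty string */
    if (colon) {
        port_len = (size_t)(end - colon - 1);
        if (port_len == 0 || port_len >= PORT_MAX)
            return false;
        if (strspn(colon + 1, "0123456789") < port_len)
            return false;                       /* port must be all digits */
        memcpy(port, colon + 1, port_len);
    }
    port[port_len] = '\0';
    memcpy(host, p, host_len);
    host[host_len] = '\0';
    return true;
}

int main(void)
{
    char host[HOST_MAX], port[PORT_MAX];
    const char *url = "stratum+tcp://pool.example.org:3333"; /* constructed */
    if (split_pool_url(url, host, port))
        printf("host=%s port=%s\n", host, port);
    return 0;
}
```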

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2014-4501

Affected products

Bfgminer
Cgminer
Sgminer