Mick Ayzenberg

**Name of the Vulnerable Software and Affected Versions** CPUMiner versions prior to 2.4.1 **Description** A stack-based buffer overflow issue exists, allowing remote attackers to have an unspecified impact. This is achieved by sending a mining.subscribe response with a large `nonce2` length, followed by triggering the overflow with a mining.notify request. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** sgminer versions prior to 4.2.2 cgminer versions prior to 4.3.5 BFGMiner versions prior to 3.3.0 **Description** The issue is related to multiple stack-based buffer overflows. These can be triggered by remote pool servers sending a long URL in a client.reconnect stratum message to specific functions. The `extract sockaddr` or `parse reconnect` functions in util.c are affected, potentially allowing remote pool servers to have an unspecified impact. **Recommendations** For sgminer versions prior to 4.2.2, update to version 4.2.2 or later. For cgminer versions prior to 4.3.5, update to version 4.3.5 or later. For BFGMiner versions prior to 3.3.0, update to version 3.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** sgminer versions prior to 4.2.2 cgminer versions prior to 4.3.5 BFGMiner versions prior to 4.1.0 **Description** The issue is related to multiple heap-based buffer overflows in the `parse notify` function. This can be triggered by remote pool servers sending a mining.subscribe response with a large or negative value in the `Extranonc2 size` parameter, followed by a crafted mining.notify request. The impact of this issue is unspecified. **Recommendations** For sgminer versions prior to 4.2.2, update to version 4.2.2 or later. For cgminer versions prior to 4.3.5, update to version 4.3.5 or later. For BFGMiner versions prior to 4.1.0, update to version 4.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** sgminer versions prior to 4.2.2 cgminer versions 3.3.0 through 4.0.1 **Description** The issue allows man-in-the-middle attackers to cause a denial of service, resulting in application exit. This can be achieved by sending a crafted mining.notify action stratum message with malicious parameters, including `bbversion`, `prev hash`, `nbit`, or `ntime`. **Recommendations** For sgminer versions prior to 4.2.2, update to version 4.2.2 or later. For cgminer versions 3.3.0 through 4.0.1, consider disabling the `parse notify` function in util.c as a temporary workaround until a patch is available. Restrict access to the mining.notify action stratum message to minimize the risk of exploitation. Avoid using the parameters `bbversion`, `prev hash`, `nbit`, or `ntime` in the affected API endpoint until the issue is resolved.