PT-2014-5934 · Sgminer+2 · Sgminer+2
Mick Ayzenberg
·
Published
2014-07-23
·
Updated
2014-07-23
·
CVE-2014-4501
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
sgminer versions prior to 4.2.2
cgminer versions prior to 4.3.5
BFGMiner versions prior to 3.3.0
Description
The issue is related to multiple stack-based buffer overflows. These can be triggered by remote pool servers sending a long URL in a client.reconnect stratum message to specific functions. The
extract sockaddr or parse reconnect functions in util.c are affected, potentially allowing remote pool servers to have an unspecified impact.Recommendations
For sgminer versions prior to 4.2.2, update to version 4.2.2 or later.
For cgminer versions prior to 4.3.5, update to version 4.3.5 or later.
For BFGMiner versions prior to 3.3.0, update to version 3.3.0 or later.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bfgminer
Cgminer
Sgminer