PT-2014-5936 · Con Kolivas · Sgminer+1
Mick Ayzenberg
Published: 2014-07-23 · Updated: 2014-07-23
CVE-2014-4503
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
sgminer versions prior to 4.2.2
cgminer versions 3.3.0 through 4.0.1
Description
The issue allows man-in-the-middle attackers to cause a denial of service, resulting in application exit. This can be achieved by sending a crafted mining.notify action stratum message with malicious parameters, including bbversion, prev_hash, nbit, or ntime.
Recommendations
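A defensive check for the four fields named in the description, as an added example that is not code from cgminer or sgminer: each value is accepted only as hex of a fixed width, and a malformed value makes the caller drop the job instead of ending the process. The field widths (8 hex digits for bbversion, nbit and ntime, 64 for prev_hash) and the names notify_fields, hex_field and check_notify_fields are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decoded fields of one mining.notify job (hypothetical struct, not the miners' own). */
struct notify_fields {
    unsigned char bbversion[4];
    unsigned char prev_hash[32];
    unsigned char nbit[4];
    unsigned char ntime[4];
};

/* Decode exactly out_len bytes of hex; 0 on success, -1 on NULL, wrong length or non-hex. */
static int hex_field(const char *hex, unsigned char *out, size_t out_len)
{
    if (hex == NULL || strlen(hex) != out_len * 2)
        return -1;
    for (size_t i = 0; i < out_len * 2; i++) {
        unsigned char c = (unsigned char)hex[i];
        if (!isxdigit(c))
            return -1;
        unsigned v = isdigit(c) ? (unsigned)(c - '0') : (unsigned)tolower(c) - 'a' + 10;
        out[i / 2] = (i % 2 == 0) ? (unsigned char)(v << 4) : (unsigned char)(out[i / 2] | v);
    }
    return 0;
}

/* Returns 0 when all four fields are well formed, otherwise the 1-based index of the
 * first bad field (1 bbversion, 2 prev_hash, 3 nbit, 4 ntime). Never exits the process. */
int check_notify_fields(const char *bbversion, const char *prev_hash,
                        const char *nbit, const char *ntime,
                        struct notify_fields *out)
{
    if (hex_field(bbversion, out->bbversion, sizeof out->bbversion)) return 1;
    if (hex_field(prev_hash, out->prev_hash, sizeof out->prev_hash)) return 2;
    if (hex_field(nbit, out->nbit, sizeof out->nbit)) return 3;
    if (hex_field(ntime, out->ntime, sizeof out->ntime)) return 4;
    return 0;
}

int main(void)
{
    /* Constructed sample: ntime is two hex digits short, so field 4 is rejected. */
    struct notify_fields f;
    char prev[65];
    memset(prev, '0', 64); prev[64] = '\0';
    printf("%d\n", check_notify_fields("00000002", prev, "1a05db8b", "53cf1e", &f));
    return 0;
}
```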
For sgminer versions prior to 4.2.2, update to version 4.2.2 or later.
For cgminer versions 3.3.0 through 4.0.1, consider disabling the parse_notify function in util.c as a temporary workaround until a patch is available. Restrict access to the mining.notify action stratum message to minimize the risk of exploitation. Avoid using the parameters bbversion, prev_hash, nbit, or ntime in the affected API endpoint until the issue is resolved.
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Cgminer
Sgminer