CVE-2017-15300

Name of the Vulnerable Software and Affected Versions EWBF Cuda Zcash Miner version 0.3.4b

Description The issue concerns the miner statistics HTTP API, which can be exploited for a Denial of Service attack. This occurs because the API hangs on incoming TCP connections until a request is made, such as "GET / HTTP/1.1". An attacker can prevent a user from viewing their mining statistics by opening a session with tools like telnet or netcat and connecting to the miner on the HTTP API port.

Recommendations For EWBF Cuda Zcash Miner version 0.3.4b, as a temporary workaround, consider restricting access to the miner statistics HTTP API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.