CVE-2014-4501

Exploit

EPSS 0.22%
Veröffentlicht 23.07.2014 14:55:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sgminer Project ≫ Sgminer Version <= 4.2.1

Sgminer Project ≫ Sgminer Version4.0.0

Sgminer Project ≫ Sgminer Version4.1.0

Sgminer Project ≫ Sgminer Version4.1.153

Sgminer Project ≫ Sgminer Version4.1.242

Sgminer Project ≫ Sgminer Version4.1.271

Sgminer Project ≫ Sgminer Version4.2.0

Cgminer Project ≫ Cgminer Version <= 4.3.4

Cgminer Project ≫ Cgminer Version4.3.0

Cgminer Project ≫ Cgminer Version4.3.1

Cgminer Project ≫ Cgminer Version4.3.2

Cgminer Project ≫ Cgminer Version4.3.3

Bfgminer ≫ Bfgminer Version <= 3.2.9

Bfgminer ≫ Bfgminer Version3.2.0

Bfgminer ≫ Bfgminer Version3.2.1

Bfgminer ≫ Bfgminer Version3.2.2

Bfgminer ≫ Bfgminer Version3.2.3

Bfgminer ≫ Bfgminer Version3.2.4

Bfgminer ≫ Bfgminer Version3.2.5

Bfgminer ≫ Bfgminer Version3.2.6

Bfgminer ≫ Bfgminer Version3.2.7

Bfgminer ≫ Bfgminer Version3.2.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.445

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://seclists.org/fulldisclosure/2014/Jul/118

https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e

Patch

Exploit

https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79

Patch

https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce

Patch

Exploit

https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2

Patch

https://nvd.nist.gov/vuln/detail/CVE-2014-4501