10
CVE-2014-4501
- EPSS 2.91%
- Veröffentlicht 23.07.2014 14:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sgminer Project ≫ Sgminer Version <= 4.2.1
Sgminer Project ≫ Sgminer Version4.0.0
Sgminer Project ≫ Sgminer Version4.1.0
Sgminer Project ≫ Sgminer Version4.1.153
Sgminer Project ≫ Sgminer Version4.1.242
Sgminer Project ≫ Sgminer Version4.1.271
Sgminer Project ≫ Sgminer Version4.2.0
Cgminer Project ≫ Cgminer Version <= 4.3.4
Cgminer Project ≫ Cgminer Version4.3.0
Cgminer Project ≫ Cgminer Version4.3.1
Cgminer Project ≫ Cgminer Version4.3.2
Cgminer Project ≫ Cgminer Version4.3.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.91% | 0.852 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://seclists.org/fulldisclosure/2014/Jul/118
https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e
https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79
https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce
https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2