10
CVE-2014-4502
- EPSS 3.3%
- Veröffentlicht 23.07.2014 14:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sgminer Project ≫ Sgminer Version <= 4.2.1
Sgminer Project ≫ Sgminer Version4.0.0
Sgminer Project ≫ Sgminer Version4.1.0
Sgminer Project ≫ Sgminer Version4.1.153
Sgminer Project ≫ Sgminer Version4.1.242
Sgminer Project ≫ Sgminer Version4.1.271
Sgminer Project ≫ Sgminer Version4.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.3% | 0.869 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e
http://seclists.org/fulldisclosure/2014/Jul/119
http://www.securityfocus.com/bid/68831
https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9
https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a
https://github.com/sgminer-dev/sgminer/issues/258