CVE-2014-4503

Exploit

EPSS 0.31%
Veröffentlicht 23.07.2014 14:55:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sgminer Project ≫ Sgminer Version <= 4.2.1

Sgminer Project ≫ Sgminer Version4.0.0

Sgminer Project ≫ Sgminer Version4.1.0

Sgminer Project ≫ Sgminer Version4.1.153

Sgminer Project ≫ Sgminer Version4.1.242

Sgminer Project ≫ Sgminer Version4.1.271

Sgminer Project ≫ Sgminer Version4.2.0

Cgminer Project ≫ Cgminer Version3.3.0

Cgminer Project ≫ Cgminer Version3.3.1

Cgminer Project ≫ Cgminer Version3.3.2

Cgminer Project ≫ Cgminer Version3.3.3

Cgminer Project ≫ Cgminer Version3.3.4

Cgminer Project ≫ Cgminer Version3.4.0

Cgminer Project ≫ Cgminer Version3.4.1

Cgminer Project ≫ Cgminer Version3.4.2

Cgminer Project ≫ Cgminer Version3.4.3

Cgminer Project ≫ Cgminer Version3.5.0

Cgminer Project ≫ Cgminer Version3.5.1

Cgminer Project ≫ Cgminer Version3.6.0

Cgminer Project ≫ Cgminer Version3.6.1

Cgminer Project ≫ Cgminer Version3.6.2

Cgminer Project ≫ Cgminer Version3.6.3

Cgminer Project ≫ Cgminer Version3.6.4

Cgminer Project ≫ Cgminer Version3.7.0

Cgminer Project ≫ Cgminer Version3.7.1

Cgminer Project ≫ Cgminer Version3.7.2

Cgminer Project ≫ Cgminer Version3.8.0

Cgminer Project ≫ Cgminer Version3.8.1

Cgminer Project ≫ Cgminer Version3.8.2

Cgminer Project ≫ Cgminer Version3.8.3

Cgminer Project ≫ Cgminer Version3.8.4

Cgminer Project ≫ Cgminer Version3.8.5

Cgminer Project ≫ Cgminer Version3.9.0

Cgminer Project ≫ Cgminer Version3.10.0

Cgminer Project ≫ Cgminer Version3.11.0

Cgminer Project ≫ Cgminer Version3.12.0

Cgminer Project ≫ Cgminer Version3.12.1

Cgminer Project ≫ Cgminer Version3.12.2

Cgminer Project ≫ Cgminer Version3.12.3

Cgminer Project ≫ Cgminer Version4.0.0

Cgminer Project ≫ Cgminer Version4.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.506

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://seclists.org/fulldisclosure/2014/Jul/120

https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2014-4503

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4503

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4503

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-4503