CVE-2014-4502
Published Jul 23, 2014
Last updated 9 years ago
Overview
- Description
- Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FB3B702-DBE8-442F-ADEE-451E75320DDC",
"versionEndIncluding": "4.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgminer_project:sgminer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "674C554E-841D-4D4B-99B9-F2641327AF5A",
"versionEndIncluding": "4.2.1"
},
{
"criteria": "cpe:2.3:a:sgminer_project:sgminer:4.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E3DD6BA-85F4-49B4-B489-DCB763AA65E2"
},
{
"criteria": "cpe:2.3:a:sgminer_project:sgminer:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "95929A1F-64B1-45E7-A9A0-E1603FDCD176"
},
{
"criteria": "cpe:2.3:a:sgminer_project:sgminer:4.1.153:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22ADC6DB-0EB9-43E8-AA12-09FD74CC4914"
},
{
"criteria": "cpe:2.3:a:sgminer_project:sgminer:4.1.242:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB19CC92-1BC6-44F2-B11B-B87EFC0AF8CF"
},
{
"criteria": "cpe:2.3:a:sgminer_project:sgminer:4.1.271:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94A63F06-378D-46BB-98D2-03E70E94A83C"
},
{
"criteria": "cpe:2.3:a:sgminer_project:sgminer:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "593E9A8D-2A7D-4089-8E4B-A26FF4E28407"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EE2FAD5-17A9-4289-A55B-029E9C1FD24E",
"versionEndIncluding": "3.2.9"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D5FBC7F-A42D-4B77-A5F9-40A5C01F881B"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1180D535-1EC2-4C8E-891E-B5DFAB4CCC6D"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D105E68A-9261-4B9D-A662-FA3CEB379D89"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B83E2C83-D877-494A-BE6F-D2D6BFBD04AE"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1889D60B-2777-4F14-B4BD-4C068CE3EAC1"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74DA5D3E-E725-435C-ADF0-B9B3141DB691"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "728F3472-BE81-4D3F-BA1D-17453F1A1BC5"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "708E901D-5DFB-4403-8928-C780AD7780C9"
},
{
"criteria": "cpe:2.3:a:bfgminer:bfgminer:3.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA31DFFC-71FE-438E-BC02-5A880F1AE568"
}
],
"operator": "OR"
}
]
}
]