CVE-2014-4501
Last modified
CVE-2014-4501 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.. EPSS estimates a 2.91% chance of exploitation in the next 30 days.
Description
Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sgminer Project | Sgminer | <= 4.2.1 |
| Sgminer Project | Sgminer | 4.0.0 |
| Sgminer Project | Sgminer | 4.1.0 |
| Sgminer Project | Sgminer | 4.1.153 |
| Sgminer Project | Sgminer | 4.1.242 |
| Sgminer Project | Sgminer | 4.1.271 |
| Sgminer Project | Sgminer | 4.2.0 |
| Cgminer Project | Cgminer | <= 4.3.4 |
| Cgminer Project | Cgminer | 4.3.0 |
| Cgminer Project | Cgminer | 4.3.1 |
| Cgminer Project | Cgminer | 4.3.2 |
| Cgminer Project | Cgminer | 4.3.3 |
| Bfgminer | Bfgminer | <= 3.2.9 |
| Bfgminer | Bfgminer | 3.2.0 |
| Bfgminer | Bfgminer | 3.2.1 |
| Bfgminer | Bfgminer | 3.2.2 |
| Bfgminer | Bfgminer | 3.2.3 |
| Bfgminer | Bfgminer | 3.2.4 |
| Bfgminer | Bfgminer | 3.2.5 |
| Bfgminer | Bfgminer | 3.2.6 |
| Bfgminer | Bfgminer | 3.2.7 |
| Bfgminer | Bfgminer | 3.2.8 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-4501?
How severe is CVE-2014-4501?
How do I fix CVE-2014-4501?
Are you affected by CVE-2014-4501?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST