Search criteria
6 vulnerabilities found for sgminer by sgminer_project
CVE-2014-4503 (GCVE-0-2014-4503)
Vulnerability from nvd – Published: 2014-07-23 14:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2014-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-23T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4503",
"datePublished": "2014-07-23T14:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4502 (GCVE-0-2014-4502)
Vulnerability from nvd – Published: 2014-07-23 14:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2014-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/issues/258"
},
{
"name": "20140722 CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/119"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/issues/258"
},
{
"name": "20140722 CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/119"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68831"
},
{
"name": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9",
"refsource": "CONFIRM",
"url": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a"
},
{
"name": "https://github.com/sgminer-dev/sgminer/issues/258",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/issues/258"
},
{
"name": "20140722 CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/119"
},
{
"name": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e",
"refsource": "CONFIRM",
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4502",
"datePublished": "2014-07-23T14:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:26.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4501 (GCVE-0-2014-4501)
Vulnerability from nvd – Published: 2014-07-23 14:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140722 CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-23T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140722 CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140722 CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/118"
},
{
"name": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79",
"refsource": "CONFIRM",
"url": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce"
},
{
"name": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e",
"refsource": "CONFIRM",
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4501",
"datePublished": "2014-07-23T14:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:26.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4503 (GCVE-0-2014-4503)
Vulnerability from cvelistv5 – Published: 2014-07-23 14:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2014-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-23T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140722 CVE-2014-4503 : Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/120"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4503",
"datePublished": "2014-07-23T14:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:25.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4502 (GCVE-0-2014-4502)
Vulnerability from cvelistv5 – Published: 2014-07-23 14:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2014-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/issues/258"
},
{
"name": "20140722 CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/119"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "68831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/issues/258"
},
{
"name": "20140722 CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/119"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68831"
},
{
"name": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9",
"refsource": "CONFIRM",
"url": "https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a"
},
{
"name": "https://github.com/sgminer-dev/sgminer/issues/258",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/issues/258"
},
{
"name": "20140722 CVE-2014-4502 : Invalid Handling of Length Parameter in Stratum mining.notify Message Leads to Heap Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/119"
},
{
"name": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e",
"refsource": "CONFIRM",
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4502",
"datePublished": "2014-07-23T14:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:26.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4501 (GCVE-0-2014-4501)
Vulnerability from cvelistv5 – Published: 2014-07-23 14:00 – Updated: 2024-08-06 11:20
VLAI?
Summary
Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2014-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:26.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140722 CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-23T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140722 CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140722 CVE-2014-4501 : Stack Overflow in Parsing client.reconnect Message of the Stratum Mining Protocol",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/118"
},
{
"name": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79",
"refsource": "CONFIRM",
"url": "https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce"
},
{
"name": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e",
"refsource": "CONFIRM",
"url": "https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e"
},
{
"name": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2",
"refsource": "CONFIRM",
"url": "https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4501",
"datePublished": "2014-07-23T14:00:00.000Z",
"dateReserved": "2014-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:20:26.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}