Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4501 | 3 Bfgminer, Cgminer Project, Sgminer Project | 3 Bfgminer, Cgminer, Sgminer | 2024-02-04 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c. | |||||
CVE-2014-4502 | 2 Bfgminer, Sgminer Project | 2 Bfgminer, Sgminer | 2024-02-04 | 10.0 HIGH | N/A |
Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request. | |||||
CVE-2014-4503 | 2 Cgminer Project, Sgminer Project | 2 Cgminer, Sgminer | 2024-02-04 | 4.3 MEDIUM | N/A |
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message. |