Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sgminer
(Sgminer_project)| Repositories |
• https://github.com/ckolivas/cgminer
• https://github.com/sgminer-dev/sgminer |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-07-23 | CVE-2014-4503 | The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message. | Cgminer, Sgminer | N/A | ||
| 2014-07-23 | CVE-2014-4502 | Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request. | Bfgminer, Sgminer | N/A | ||
| 2014-07-23 | CVE-2014-4501 | Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c. | Bfgminer, Cgminer, Sgminer | N/A |