CVE-2014-4502

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1670%

EPSS Percentile26.82th

PublishedJul 23, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.

Affected Platforms (CPE)

📦

Bfgminer

<= 4.0.0

📦

Sgminer Project

Sgminer

<= 4.2.1

📦

Sgminer Project

Sgminer

= 4.0.0

📦

Sgminer Project

Sgminer

= 4.1.0

📦

Sgminer Project

Sgminer

= 4.1.153

📦

Sgminer Project

Sgminer

= 4.1.242

📦

Sgminer Project

Sgminer

= 4.1.271

📦

Sgminer Project

Sgminer

= 4.2.0

📦

Bfgminer

<= 3.2.9

📦

Bfgminer

= 3.2.0

📦

Bfgminer

= 3.2.1

📦

Bfgminer

= 3.2.2

📦

Bfgminer

= 3.2.3

📦

Bfgminer

= 3.2.4

📦

Bfgminer

= 3.2.5

📦

Bfgminer

= 3.2.6

📦

Bfgminer

= 3.2.7

📦

Bfgminer

= 3.2.8

References & Advisories

🔗 http://seclists.org/fulldisclosure/2014/Jul/119

🔗 http://www.securityfocus.com/bid/68831

🔗 https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e

🔗 https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9

🔗 https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a

🔗 https://github.com/sgminer-dev/sgminer/issues/258

🔗 http://seclists.org/fulldisclosure/2014/Jul/119

🔗 http://www.securityfocus.com/bid/68831

Vulnerability Description

Affected Platforms (CPE)

Bfgminer

Sgminer

Sgminer

Sgminer

Sgminer

Sgminer

Sgminer

Sgminer

Bfgminer

Bfgminer

Bfgminer

Bfgminer

Bfgminer

Bfgminer

Bfgminer

Bfgminer

Bfgminer

Bfgminer

References & Advisories

Related Vulnerabilities