CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-10058

HIGH
8.8
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile6.59th
Published2018年6月5日
Last Modified2024年11月21日

Vulnerability Description

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.

Affected Platforms (CPE)

📦
Cgminer Project

Cgminer

= 4.10.0
📦
Bfgminer

Bfgminer

= 5.5.0

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2018/06/03/1
🔗 https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10058
🔗 http://www.openwall.com/lists/oss-security/2018/06/03/1
🔗 https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10058

関連する脆弱性情報

CVE-2014-450110.0

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool s...

CVE-2014-450210.0

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner befo...

CVE-2018-100576.5

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner co...

CVE-2014-45034.3

The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to ...