MidnightBSD

Advisories for sgminer_project

CVE-2014-4501 HIGH

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sgminer_project sgminer *
cgminer_project cgminer 4.3.3
bfgminer bfgminer 3.2.2
bfgminer bfgminer 3.2.4
sgminer_project sgminer 4.1.0
cgminer_project cgminer 4.3.1
sgminer_project sgminer 4.1.271
bfgminer bfgminer 3.2.6
sgminer_project sgminer 4.1.153
bfgminer bfgminer 3.2.3
bfgminer bfgminer 3.2.7
cgminer_project cgminer *
bfgminer bfgminer 3.2.1
bfgminer bfgminer *
bfgminer bfgminer 3.2.5
sgminer_project sgminer 4.0.0
sgminer_project sgminer 4.1.242
sgminer_project sgminer 4.2.0
bfgminer bfgminer 3.2.8
cgminer_project cgminer 4.3.0
bfgminer bfgminer 3.2.0
cgminer_project cgminer 4.3.2
CVE-2014-4502 HIGH

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sgminer_project sgminer *
bfgminer bfgminer 3.2.2
bfgminer bfgminer 3.2.4
sgminer_project sgminer 4.1.0
sgminer_project sgminer 4.1.271
bfgminer bfgminer 3.2.6
sgminer_project sgminer 4.1.153
bfgminer bfgminer 3.2.3
bfgminer bfgminer 3.2.7
bfgminer bfgminer 3.2.1
bfgminer bfgminer *
bfgminer bfgminer 3.2.5
sgminer_project sgminer 4.0.0
sgminer_project sgminer 4.1.242
sgminer_project sgminer 4.2.0
bfgminer bfgminer 3.2.8
bfgminer bfgminer 3.2.0
CVE-2014-4503 MEDIUM

The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cgminer_project cgminer 3.7.2
cgminer_project cgminer 3.4.0
cgminer_project cgminer 3.4.1
cgminer_project cgminer 3.6.4
cgminer_project cgminer 3.8.2
cgminer_project cgminer 3.10.0
cgminer_project cgminer 3.11.0
sgminer_project sgminer 4.1.271
cgminer_project cgminer 3.3.0
cgminer_project cgminer 3.7.0
sgminer_project sgminer 4.1.153
cgminer_project cgminer 3.6.3
cgminer_project cgminer 3.4.2
sgminer_project sgminer 4.0.0
sgminer_project sgminer 4.2.0
cgminer_project cgminer 3.8.5
cgminer_project cgminer 3.7.1
cgminer_project cgminer 4.0.0
cgminer_project cgminer 3.3.2
cgminer_project cgminer 3.6.2
cgminer_project cgminer 4.0.1
cgminer_project cgminer 3.8.3
cgminer_project cgminer 3.4.3
sgminer_project sgminer *
cgminer_project cgminer 3.5.0
sgminer_project sgminer 4.1.0
cgminer_project cgminer 3.8.4
cgminer_project cgminer 3.3.3
cgminer_project cgminer 3.5.1
cgminer_project cgminer 3.12.0
cgminer_project cgminer 3.12.2
cgminer_project cgminer 3.12.3
cgminer_project cgminer 3.3.4
cgminer_project cgminer 3.6.1
cgminer_project cgminer 3.6.0
cgminer_project cgminer 3.12.1
sgminer_project sgminer 4.1.242
cgminer_project cgminer 3.8.0
cgminer_project cgminer 3.9.0
cgminer_project cgminer 3.3.1
cgminer_project cgminer 3.8.1