Home > Vulnerability Database > CVE-2014-4501

Mend.io Vulnerability Database

CVE-2014-4501

Good to know:

Date: July 23, 2014

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.

Language: C

Severity Score

9.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-4501

Url: http://seclists.org/fulldisclosure/2014/Jul/118

Url: https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e

Url: https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79

Url: https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2

Url: https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce

Url: https://www.mend.io/vulnerability-database/CVE-2014-4501

Severity Score

9.8

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

Upgrade Version

Upgrade to version sgminer:4.2.2,cgminer:v4.3.5,bfgminer-3.5.9

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-4501

Good to know:

Date: July 23, 2014

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?