Description
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/120
Exploit, Patch x_refsource_confirm
https://github.com/sgminer-dev/sgminer/commit/910c36089940e81fb85c65b8e63dcd2fac71470c
Scores
EPSS
0.0122
EPSS Percentile
65.1%
Details
CWE
CWE-20
Status
published
Products (41)
cgminer_project/cgminer
3.3.0
cgminer_project/cgminer
3.3.1
cgminer_project/cgminer
3.3.2
cgminer_project/cgminer
3.3.3
cgminer_project/cgminer
3.3.4
cgminer_project/cgminer
3.4.0
cgminer_project/cgminer
3.4.1
cgminer_project/cgminer
3.4.2
cgminer_project/cgminer
3.4.3
cgminer_project/cgminer
3.5.0
... and 31 more
Published
Jul 23, 2014
Tracked Since
Feb 18, 2026