CVE-2014-4503
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
23/07/2014
Last modified:
12/04/2025
Description
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sgminer_project:sgminer:*:*:*:*:*:*:*:* | 4.2.1 (including) | |
| cpe:2.3:a:sgminer_project:sgminer:4.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sgminer_project:sgminer:4.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sgminer_project:sgminer:4.1.153:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sgminer_project:sgminer:4.1.242:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sgminer_project:sgminer:4.1.271:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sgminer_project:sgminer:4.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cgminer_project:cgminer:3.4.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page