CVE-2014-4502

Public Exploit

Description

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.

Category

10.0
CVSS
Severity: Critical
CVSS 2.0 •
EPSS 0.51%
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://www.securityfocus.com/bid/68831 vdb entry
https://github.com/luke-jr/bfgminer/commit/ff7f30129f15f7a2213f8ced0cd65c9a331493d9 patch exploit
https://github.com/sgminer-dev/sgminer/commit/bac5831b355f916e0696b7bbcccfc51c057b729a patch exploit
https://github.com/sgminer-dev/sgminer/issues/258
http://seclists.org/fulldisclosure/2014/Jul/119 mailing list
https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e patch exploit

Frequently Asked Questions

What is the severity of CVE-2014-4502?
CVE-2014-4502 has been scored as a critical severity vulnerability.
How to fix CVE-2014-4502?
To fix CVE-2014-4502, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2014-4502 being actively exploited in the wild?
It is possible that CVE-2014-4502 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.