Multiple Products 'parse_notify' Function Heap Based Buffer Overflow Vulnerabilities
BID:68831
Info
Multiple Products 'parse_notify' Function Heap Based Buffer Overflow Vulnerabilities
| Bugtraq ID: | 68831 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2014-4502 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2014 12:00AM |
| Updated: | Oct 08 2014 08:00AM |
| Credit: | Mick Ayzenberg |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Multiple Products 'parse_notify' Function Heap Based Buffer Overflow Vulnerabilities
SGMiner, CGMiner, BFGMiner and and CPUMiner are prone to multiple heap-based buffer-overflow vulnerabilities.
Successful exploits allow remote attackers to overwrite memory in the heap in the context of the vulnerable application.This may lead to further attacks.
Following products are vulnerable:
SGMiner prior to 4.2.2
CGMiner prior 4.3.5
BFGMiner prior 4.1.0
CPUMiner prior 2.4.1
SGMiner, CGMiner, BFGMiner and and CPUMiner are prone to multiple heap-based buffer-overflow vulnerabilities.
Successful exploits allow remote attackers to overwrite memory in the heap in the context of the vulnerable application.This may lead to further attacks.
Following products are vulnerable:
SGMiner prior to 4.2.2
CGMiner prior 4.3.5
BFGMiner prior 4.1.0
CPUMiner prior 2.4.1
Exploit / POC
Multiple Products 'parse_notify' Function Heap Based Buffer Overflow Vulnerabilities
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Multiple Products 'parse_notify' Function Heap Based Buffer Overflow Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Multiple Products 'parse_notify' Function Heap Based Buffer Overflow Vulnerabilities
References:
References: