Stack-based buffer overflow vulnerability in sgminer, cgminer, and BFGMiner allows remote pool servers to execute arbitrary code via a long URL in a client.reconnect stratum message.

CVE-2014-4501 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.

Learn more about our Cis Benchmark Audit For Server Software.