VYPR
Unrated severityNVD Advisory· Published Jul 23, 2014· Updated Jun 17, 2026

CVE-2014-4502

CVE-2014-4502

Description

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20
  • Bfgminer/Bfgminer11 versions
    cpe:2.3:a:bfgminer:bfgminer:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:bfgminer:bfgminer:*:*:*:*:*:*:*:*range: <=4.0.0
    • cpe:2.3:a:bfgminer:bfgminer:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:bfgminer:bfgminer:3.2.8:*:*:*:*:*:*:*
    • (no CPE)range: <4.1.0
  • cpe:2.3:a:sgminer_project:sgminer:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:sgminer_project:sgminer:*:*:*:*:*:*:*:*range: <=4.2.1
    • cpe:2.3:a:sgminer_project:sgminer:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sgminer_project:sgminer:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sgminer_project:sgminer:4.1.153:*:*:*:*:*:*:*
    • cpe:2.3:a:sgminer_project:sgminer:4.1.242:*:*:*:*:*:*:*
    • cpe:2.3:a:sgminer_project:sgminer:4.1.271:*:*:*:*:*:*:*
    • cpe:2.3:a:sgminer_project:sgminer:4.2.0:*:*:*:*:*:*:*
  • Cgminer/cgminerllm-create
    Range: <4.3.5
  • Range: <4.2.2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.