SGMiner / CGMiner Denial Of Service

2014.07.23
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Brak
Wpływ na dostępność: Częściowy

Vulnerability title: Invalid Parameters in mining.notify Stratum Message Leads to Denial of Service CVE: CVE-2014-4503 Affected version: SGMiner before 4.2.2, CGMiner 3.3.0 - 4.0.1 Reported by: Mick Ayzenberg of Deja vu Security Details: The "parse_notify" function contains a number of checks to validate that data received from a pool is of an expected format. When parameters are passed that do not pass these checks the function "quit" and "quithere" are called and the application exits. An attacker can utilize this behavior by intentionally sending malformed data, forcing the application to exit. An attacker who is in the middle of a valid stratum connection can trivially perform this attack by providing an invalid hex string for one of these 4 parameters: bbversion, prev_hash, nbit, ntime.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top