Candidate: CVE-2014-4501
PublicDate: 2014-07-23 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4501
 https://github.com/sgminer-dev/sgminer/commit/b65574bef233474e915fdf18614aa211e31cc6c2
 https://github.com/sgminer-dev/sgminer/commit/78cc408369bdbbd440196c93574098d1482efbce
 https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79
 https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e
 http://seclists.org/fulldisclosure/2014/Jul/118
Description:
 Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer
 before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have
 unspecified impact via a long URL in a client.reconnect stratum message to
 the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_cgminer:
 upstream: https://github.com/ckolivas/cgminer/commit/e1c5050734123973b99d181c45e74b2cbb00272e
upstream_cgminer: released (4.4.2)
lucid_cgminer: DNE
precise_cgminer: DNE
precise/esm_cgminer: DNE
trusty_cgminer: ignored (reached end-of-life)
trusty/esm_cgminer: DNE (trusty was needed)
utopic_cgminer: ignored (reached end-of-life)
vivid_cgminer: ignored (reached end-of-life)
vivid/stable-phone-overlay_cgminer: DNE
vivid/ubuntu-core_cgminer: DNE
wily_cgminer: ignored (reached end-of-life)
xenial_cgminer: not-affected
yakkety_cgminer: ignored (reached end-of-life)
zesty_cgminer: ignored (reached end-of-life)
artful_cgminer: ignored (reached end-of-life)
bionic_cgminer: not-affected
cosmic_cgminer: not-affected
disco_cgminer: not-affected
devel_cgminer: not-affected

Patches_bfgminer:
 upstream: https://github.com/luke-jr/bfgminer/commit/c80ad8548251eb0e15329fc240c89070640c9d79
upstream_bfgminer: released (3.3.0)
lucid_bfgminer: DNE
precise_bfgminer: DNE
precise/esm_bfgminer: DNE
trusty_bfgminer: ignored (reached end-of-life)
trusty/esm_bfgminer: DNE (trusty was needed)
utopic_bfgminer: ignored (reached end-of-life)
vivid_bfgminer: ignored (reached end-of-life)
vivid/stable-phone-overlay_bfgminer: DNE
vivid/ubuntu-core_bfgminer: DNE
wily_bfgminer: ignored (reached end-of-life)
xenial_bfgminer: not-affected
yakkety_bfgminer: ignored (reached end-of-life)
zesty_bfgminer: ignored (reached end-of-life)
artful_bfgminer: ignored (reached end-of-life)
bionic_bfgminer: not-affected
cosmic_bfgminer: not-affected
disco_bfgminer: DNE
devel_bfgminer: DNE