CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
34.7%
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
Vendor | Product | Version | CPE |
---|---|---|---|
sgminer_project | sgminer | * | cpe:2.3:a:sgminer_project:sgminer:*:*:*:*:*:*:*:* |
sgminer_project | sgminer | 4.0.0 | cpe:2.3:a:sgminer_project:sgminer:4.0.0:*:*:*:*:*:*:* |
sgminer_project | sgminer | 4.1.0 | cpe:2.3:a:sgminer_project:sgminer:4.1.0:*:*:*:*:*:*:* |
sgminer_project | sgminer | 4.1.153 | cpe:2.3:a:sgminer_project:sgminer:4.1.153:*:*:*:*:*:*:* |
sgminer_project | sgminer | 4.1.242 | cpe:2.3:a:sgminer_project:sgminer:4.1.242:*:*:*:*:*:*:* |
sgminer_project | sgminer | 4.1.271 | cpe:2.3:a:sgminer_project:sgminer:4.1.271:*:*:*:*:*:*:* |
sgminer_project | sgminer | 4.2.0 | cpe:2.3:a:sgminer_project:sgminer:4.2.0:*:*:*:*:*:*:* |
cgminer_project | cgminer | 3.3.0 | cpe:2.3:a:cgminer_project:cgminer:3.3.0:*:*:*:*:*:*:* |
cgminer_project | cgminer | 3.3.1 | cpe:2.3:a:cgminer_project:cgminer:3.3.1:*:*:*:*:*:*:* |
cgminer_project | cgminer | 3.3.2 | cpe:2.3:a:cgminer_project:cgminer:3.3.2:*:*:*:*:*:*:* |