[Pkg-bitcoin-devel] Bug#773624: cgminer: CVE-2014-6251
Michael Gilbert
mgilbert at debian.org
Sun Dec 21 03:22:38 UTC 2014
Package: cgminer
Severity: important
Tags: security
Hi,
the following vulnerability was published for cgminer.
CVE-2014-6251[0]:
| Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote
| attackers to have an unspecified impact by sending a mining.subscribe
| response with a large nonce2 length, then triggering the overflow with
| a mining.notify request.
Details are sparse, and note that the report is about cpuminer rather
than cgminer, but since the two share a lot of code, I couldn't easily
rule out cgminer being affected, so some research needs to be done.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-6251
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-bitcoin-devel
mailing list