SGMiner versions prior to 4.2.2, CGMiner versions prior to 4.3.5, and BFGMinter versions prior to 3.3.0 suffer from a stack overflow vulnerability.
dc32fa2fed2ade75dc9dcfbcc249f42532adab5d9397a5a19f9afc47f1fed7b1
Vulnerability title: Stack Overflow in Parsing client.reconnect Message
of the Stratum Mining Protocol
CVE: CVE-2014-4501
Affected version: SGMiner before 4.2.2, CGMiner before 4.3.5, BFGMiner
before 3.3.0
Reported by: Mick Ayzenberg of Deja vu Security
Details:
A malicious pool or an attacker who is in the middle of a valid
stratum connection can send a message to a client running
vulnerable mining software and overflow stack memory.