CPUMiner versions prior to 2.4.1 suffer from a stack overflow vulnerability.
881e018723230e378165f533f22a3e6ea9146ec5c7bb8b4f10b1a56c686ea0d6
Vulnerability title: Stack Overflow in CPUMiner When Submitting Upstream
Work
CVE: CVE-2014-6251
Affected version: CPUMiner before 2.4.1
Reported by: Mick Ayzenberg of Deja vu Security
Details:
A malicious pool or an attacker who is in the middle of a valid
stratum connection can respond to a 'mining.subscribe' and instruct a
miner to use a large nonce2 length.
The attacker can then instruct the miner to generate blocks with a
standard 'mining.notify' request. Once the miner has discovered a
valid block it will attempt to copy this large nonce into a fixed size
character array and overflow into stack memory.