View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-4502 medium priority: Ubuntu including 2 source packages (bfgminer, cgminer), 28 status rows across 14 suites (artful, bionic, cosmic, disco, lucid, precise, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 12, DNE 7, not-affected 7, released 2.
Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.