CVE-2013-2687

{"id": "CVE-2013-2687", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-12T16:55:01.037", "references": [{"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01", "tags": ["Patch", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.qnx.com/download/feature.html?programid=24850", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01", "tags": ["Patch", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.qnx.com/download/feature.html?programid=24850", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n bpe_decompress en (1) BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 y (2) QNX Momentics Tool Suite hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicacion) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de paquetes sobre el puerto TCP 4868 manipulados."}], "lastModified": "2024-11-21T01:52:10.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F184BC9-8E64-4976-8E3A-F6FF4C1593DB", "versionEndIncluding": "6.5.0"}, {"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A796624B-7F7A-4A92-B83E-D592096B9753"}, {"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97DA1B48-77C6-4C30-816E-B0BC2FEF3401"}, {"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "856700E9-717A-4CE1-A451-23090ACC0A56"}, {"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7819F1A5-3519-4EEF-895D-B76A452BD4D4"}, {"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F053696-43DE-40F3-933F-8C01721D3D42"}, {"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CF6AE0F-3167-47A8-9727-89DC0133C0B4", "versionEndIncluding": "6.5.0"}, {"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640"}, {"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}