CVE-2013-2687

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.

Desbordamiento de búfer basado en pila en la función bpe_decompress en (1) BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 y (2) QNX Momentics Tool Suite hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicacion) o posiblemente ejecutar código a través de paquetes sobre el puerto TCP 4868 manipulados.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-03-25 CVE Reserved
2013-07-12 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
2024-09-17 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
http://aluigi.altervista.org/adv/qnxph_1-adv.txt	2024-09-17

URL	Date	SRC
http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01	2013-07-15
http://www.qnx.com/download/feature.html?programid=24850	2013-07-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Blackberry Search vendor "Blackberry"		Qnx Momentics Tool Suite Search vendor "Blackberry" for product "Qnx Momentics Tool Suite"				<= 6.5.0 Search vendor "Blackberry" for product "Qnx Momentics Tool Suite" and version " <= 6.5.0"		sp1		Affected
Blackberry Search vendor "Blackberry"		Qnx Momentics Tool Suite Search vendor "Blackberry" for product "Qnx Momentics Tool Suite"				4.5 Search vendor "Blackberry" for product "Qnx Momentics Tool Suite" and version "4.5"		-		Affected
Blackberry Search vendor "Blackberry"		Qnx Momentics Tool Suite Search vendor "Blackberry" for product "Qnx Momentics Tool Suite"				4.6 Search vendor "Blackberry" for product "Qnx Momentics Tool Suite" and version "4.6"		-		Affected
Blackberry Search vendor "Blackberry"		Qnx Momentics Tool Suite Search vendor "Blackberry" for product "Qnx Momentics Tool Suite"				4.7 Search vendor "Blackberry" for product "Qnx Momentics Tool Suite" and version "4.7"		-		Affected
Blackberry Search vendor "Blackberry"		Qnx Momentics Tool Suite Search vendor "Blackberry" for product "Qnx Momentics Tool Suite"				6.5.0 Search vendor "Blackberry" for product "Qnx Momentics Tool Suite" and version "6.5.0"		-		Affected
Blackberry Search vendor "Blackberry"		Qnx Software Development Platform Search vendor "Blackberry" for product "Qnx Software Development Platform"				-		-		Affected
Blackberry Search vendor "Blackberry"		Qnx Neutrino Rtos Search vendor "Blackberry" for product "Qnx Neutrino Rtos"				<= 6.5.0 Search vendor "Blackberry" for product "Qnx Neutrino Rtos" and version " <= 6.5.0"		sp1		Affected
Blackberry Search vendor "Blackberry"		Qnx Neutrino Rtos Search vendor "Blackberry" for product "Qnx Neutrino Rtos"				6.4.1 Search vendor "Blackberry" for product "Qnx Neutrino Rtos" and version "6.4.1"		-		Affected
Blackberry Search vendor "Blackberry"		Qnx Neutrino Rtos Search vendor "Blackberry" for product "Qnx Neutrino Rtos"				6.5.0 Search vendor "Blackberry" for product "Qnx Neutrino Rtos" and version "6.5.0"		-		Affected