Lucene search

MitreCVE-2013-2687

HistoryJul 12, 2013 - 4:55 p.m.

CVE-2013-2687

2013-07-1216:55:01

CWE-119

mitre

web.nvd.nist.gov

cve-2013-2687

buffer overflow

blackberry

qnx

neutrino

rtos

momentics tool suite

denial of service

remote attack

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

8.7

Confidence

High

EPSS

0.034

Percentile

91.6%

JSON

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.

Affected configurations

Nvd

Node

blackberryqnx_momentics_tool_suiteRange≤6.5.0sp1

blackberryqnx_momentics_tool_suiteMatch4.5

blackberryqnx_momentics_tool_suiteMatch4.6

blackberryqnx_momentics_tool_suiteMatch4.7

blackberryqnx_momentics_tool_suiteMatch6.5.0

blackberryqnx_software_development_platformMatch-

blackberryqnx_neutrino_rtosRange≤6.5.0sp1

blackberryqnx_neutrino_rtosMatch6.4.1

blackberryqnx_neutrino_rtosMatch6.5.0

VendorProductVersionCPE
blackberryqnx_momentics_tool_suite*cpe:2.3:a:blackberry:qnx_momentics_tool_suite:*:sp1:*:*:*:*:*:*
blackberryqnx_momentics_tool_suite4.5cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.5:*:*:*:*:*:*:*
blackberryqnx_momentics_tool_suite4.6cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.6:*:*:*:*:*:*:*
blackberryqnx_momentics_tool_suite4.7cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.7:*:*:*:*:*:*:*
blackberryqnx_momentics_tool_suite6.5.0cpe:2.3:a:blackberry:qnx_momentics_tool_suite:6.5.0:*:*:*:*:*:*:*
blackberryqnx_software_development_platform-cpe:2.3:a:blackberry:qnx_software_development_platform:-:*:*:*:*:*:*:*
blackberryqnx_neutrino_rtos*cpe:2.3:o:blackberry:qnx_neutrino_rtos:*:sp1:*:*:*:*:*:*
blackberryqnx_neutrino_rtos6.4.1cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*
blackberryqnx_neutrino_rtos6.5.0cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blackberry	qnx_momentics_tool_suite	*	cpe:2.3:a:blackberry:qnx_momentics_tool_suite::sp1::::::*
blackberry	qnx_momentics_tool_suite	4.5	cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.5:::::::*
blackberry	qnx_momentics_tool_suite	4.6	cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.6:::::::*
blackberry	qnx_momentics_tool_suite	4.7	cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.7:::::::*
blackberry	qnx_momentics_tool_suite	6.5.0	cpe:2.3:a:blackberry:qnx_momentics_tool_suite:6.5.0:::::::*
blackberry	qnx_software_development_platform	-	cpe:2.3:a:blackberry:qnx_software_development_platform:-:::::::*
blackberry	qnx_neutrino_rtos	*	cpe:2.3:o:blackberry:qnx_neutrino_rtos::sp1::::::*
blackberry	qnx_neutrino_rtos	6.4.1	cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:::::::*
blackberry	qnx_neutrino_rtos	6.5.0	cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:::::::*

References

aluigi.altervista.org/adv/qnxph_1-adv.txt

ics-cert.us-cert.gov/advisories/ICSA-13-189-01

www.qnx.com/download/feature.html?programid=24850

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

8.7

Confidence

High

EPSS

0.034

Percentile

91.6%

JSON

Related for CVE-2013-2687