Vulnerability CVE-2013-2687


Published: 2013-07-12

Description:
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.

See advisories in our WLB2 database:
Topic: QNX phrelay/phindows/phditto Stack-based buffer overflow (Med.)
Author: Luigi Auriemma
Date: 13.07.2013

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software
BlackBerry -> QNX Momentics Tool Suite
BlackBerry -> QNX Software Development Platform
BlackBerry -> QNX Neutrino RTOS

References:
http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01
http://www.qnx.com/download/feature.html?programid=24850
http://aluigi.altervista.org/adv/qnxph_1-adv.txt

Copyright 2020, cxsecurity.com

 
