CVE-2013-2687
Summary
| CVE | CVE-2013-2687 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-07-12 16:55:00 UTC |
| Updated | 2013-07-15 04:00:00 UTC |
| Description | Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Blackberry | Qnx Momentics Tool Suite | 4.5 | All | All | All |
| Application | Blackberry | Qnx Momentics Tool Suite | 4.6 | All | All | All |
| Application | Blackberry | Qnx Momentics Tool Suite | 4.7 | All | All | All |
| Application | Blackberry | Qnx Momentics Tool Suite | 6.5.0 | All | All | All |
| Application | Blackberry | Qnx Momentics Tool Suite | All | sp1 | All | All |
| Operating System | Blackberry | Qnx Neutrino Rtos | 6.4.1 | All | All | All |
| Operating System | Blackberry | Qnx Neutrino Rtos | 6.5.0 | All | All | All |
| Operating System | Blackberry | Qnx Neutrino Rtos | All | sp1 | All | All |
| Application | Blackberry | Qnx Software Development Platform | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| QNX Multiple Vulnerabilities \| ICS-CERT | MISC | ics-cert.us-cert.gov | Patch, US Government Resource |
| aluigi.altervista.org/adv/qnxph_1-adv.txt | MISC | aluigi.altervista.org | Exploit |
| QNX Download Center | CONFIRM | www.qnx.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.