Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1650Out-of-bounds Read in Server

CWE-264CWE-125Out-of-bounds ReadCWE-456Missing Initialization of a VariableCWE-787Out-of-bounds Write14 documents6 sources
Severity
2.1LOWNVD
EPSS
0.6%
top 30.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange Server
Timeline
PublishedSep 5
Latest updateMay 17

Description

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDopen-xchange/open-xchange_server6.20.7, 6.22.0, 6.22.1+2

🔴Vulnerability Details

2
GHSA
GHSA-q4qr-fcpc-m3j6: Open-Xchange Server before 62022-05-17
CVEList
CVE-2013-1650: Open-Xchange Server before 62013-09-05

💥Exploits & PoCs

2
Exploit-DB
Google Chrome < 31.0.1650.48 - HTTP 1xx base::String­Tokenizer­T<...>::Quick­Get­Next Out-of-Bounds Read2016-12-19
Exploit-DB
Open-Xchange Server 6 - Multiple Vulnerabilities2013-03-15

📋Vendor Advisories

5
Red Hat
v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc2013-12-04
Red Hat
v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc2013-12-04
Red Hat
v8: multiple buffer overflows in runtime.cc2013-12-04
Red Hat
libjpeg: information leak (read of uninitialized memory)2013-11-12
Red Hat
libjpeg: information leak (read of uninitialized memory)2013-11-12

💬Community

4
Bugzilla
CVE-2013-6638 v8: multiple buffer overflows in runtime.cc2013-12-10
Bugzilla
CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc2013-12-10
Bugzilla
CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc2013-12-10
Bugzilla
CVE-2013-6631 libjingle: use-after-free flaw2013-11-18
CVE-2013-1650 — Out-of-bounds Read in Server | cvebase