CVE-2013-2019Improper Restriction of Operations within the Bounds of a Memory Buffer in Boinc

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-502Deserialization of Untrusted DataCWE-94Code InjectionCWE-476NULL Pointer Dereference25 documents14 sources
Severity
9.3CRITICALNVD
GHSA9.8
EPSS
1.7%
top 17.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
24
Universityofcalifornia Boinc ClientDebian BoincMsrc Microsoft Exchange Server 2010 Service Pack 3+21 more
Timeline
PublishedJun 2
Latest updateMay 2

Description

Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages25 packages

debiandebian/boinc< boinc 6.13.6+dfsg-1 (bookworm)
Debianuniversityofcalifornia/boinc_client< 6.13.6+dfsg-1+3
NVDuniversityofcalifornia/boinc_client6.10.58, 6.12.34+1

🔴Vulnerability Details

3
GHSA
GHSA-qhx9-f5x8-c543: Stack-based buffer overflow in BOINC 62022-05-17
GHSA
Deserialization of Untrusted Data and Code Injection in xstream2019-07-26
OSV
CVE-2013-2019: Stack-based buffer overflow in BOINC 62014-06-02

💥Exploits & PoCs

1
Metasploit
Microsoft Exchange ProxyLogon Collector

📋Vendor Advisories

4
Red Hat
kernel: i40e: Fix kernel crash during reboot when adapter is in recovery mode2025-05-02
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability2021-03-09
Red Hat
struts2: remote command execution due to flaw in the includeParams attribute of URL and Anchor tags2013-05-22
Debian
CVE-2013-2019: boinc - Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers...2013

💬Community

1
Bugzilla
CVE-2013-2019 boinc-client: Stack-overflow by processing XML element with multiple file signatures2013-04-29