CVE-2013-2298 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Boinc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

9.3CRITICALNVD

EPSS

1.6%

top 18.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Universityofcalifornia Boinc Client Debian Boinc

Timeline

PublishedJun 2

Latest updateMay 17

Description

Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/boinc< boinc 7.0.65+dfsg-1 (bookworm)

▶Debianuniversityofcalifornia/boinc_client< 7.0.65+dfsg-1+3

▶NVDuniversityofcalifornia/boinc_client159 versions+158

🔴Vulnerability Details

GHSA

GHSA-pjjf-j58m-gr8m: Multiple stack-based buffer overflows in the XML parser in BOINC 7↗2022-05-17

▶

OSV

CVE-2013-2298: Multiple stack-based buffer overflows in the XML parser in BOINC 7↗2014-06-02

▶

📋Vendor Advisories

Debian

CVE-2013-2298: boinc - Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attac...↗2013

▶

💬Community

Bugzilla

CVE-2013-2298 boinc-client various flaws [fedora-all]↗2013-04-29

▶

Bugzilla

CVE-2013-2298 boinc-client various flaws [epel-6]↗2013-04-29

▶

Bugzilla

CVE-2013-2298 boinc-client: Multiple stack overflow flaws when parsing XML files↗2013-04-29

▶