CVE-2013-2687
Published 2013-07-12
Priority: P344, high
CVSS 2.0: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
EPSS: 8.22% (94.2th percentile)
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blackberry | qnx_momentics_tool_suite | <= 6.5.0 | — |
| blackberry | qnx_momentics_tool_suite | — | — |
| blackberry | qnx_momentics_tool_suite | — | — |
| blackberry | qnx_momentics_tool_suite | — | — |
| blackberry | qnx_momentics_tool_suite | — | — |
| blackberry | qnx_neutrino_rtos | <= 6.5.0 | — |
| blackberry | qnx_neutrino_rtos | — | — |
| blackberry | qnx_neutrino_rtos | — | — |
GHSA
GHSA-mmcg-jjwv-h488: Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6
ghsa_unreviewed·2022-05-17
CVE-2013-2687 [HIGH] CWE-119 GHSA-mmcg-jjwv-h488: Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6
CISA ICS
QNX Multiple Vulnerabilities
cisa_ics·2013-07-08
ICS Advisory
Last Revised: July 08, 2013
Alert Code: ICSA-13-189-01
## OVERVIEW
Independent researcher Luigi Auriemma identified a stack-based buffer overflow vulnerability and a buffer copy without checking size of input vulnerability in QNX’s Phrelay, Phwindows, and Phditto products without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. QNX has produced a patch that mitigates these vulnerabilities. Luigi Auriemma has confirmed that the patch resolves the reported vulnerabilities.
Proof-of-concept code has been publicly released tha
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/qnxph_1-adv.txt
http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01
http://www.qnx.com/download/feature.html?programid=24850