CVE-2013-2688
Published 2013-07-12
Priority: P4 · 34 · medium · 5.4 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
EPSS: 6.66% (93.0th percentile)
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blackberry | qnx_neutrino_rtos | <= 6.5.0 | — |
| blackberry | qnx_neutrino_rtos | — | — |
| blackberry | qnx_neutrino_rtos | — | — |
GHSA
GHSA-323w-xf3r-4754: Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6
ghsa_unreviewed·2022-05-17
CVE-2013-2688 [MEDIUM] CWE-119 GHSA-323w-xf3r-4754: Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6
Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868 that leverage improper handling of the /dev/photon device file.
CISA ICS
QNX Multiple Vulnerabilities
cisa_ics·2013-07-08
ICS Advisory
Last Revised: July 08, 2013
Alert Code: ICSA-13-189-01
## OVERVIEW
Independent researcher Luigi Auriemma identified a stack-based buffer overflow and a buffer copy without checking size of input vulnerabilities in QNX’s Phrelay, Phwindows, and Phditto products without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. QNX has produced a patch that mitigates these vulnerabilities. Luigi Auriemma has confirmed that the patch resolves the reported vulnerabilities.
Proof-of-concept code has been publicly released tha
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/qnxph_1-adv.txt
http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01
http://www.qnx.com/download/feature.html?programid=24850
Published: 2013-07-12