Debian Boinc vulnerabilities

6 known vulnerabilities affecting debian/boinc.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 5

Vulnerabilities

CVE-2013-7386 | LOW | CVSS 5.0 | fixed in boinc 7.1.10+dfsg-1 (bookworm) | 2013
CVE-2013-7386 [MEDIUM]: Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
Scope: local
bookworm: resolved (fixed in 7.1.10+dfsg-1); bullseye: resolved (fix
debian
CVE-2013-2298 | LOW | CVSS 9.3 | fixed in boinc 7.0.65+dfsg-1 (bookworm) | 2013
CVE-2013-2298 [CRITICAL]: Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.
Scope: local
bookworm: resolved (fixed in 7.0.65+dfsg-1); bullseye: resolved (fixed in 7.0.65+dfsg-1); forky: resolved (fixed in 7.0.65+dfsg-1); sid: resolved (fixed in 7.0.65+dfsg-1); trixie: resolved (fixed i
debian
CVE-2013-2018 | LOW | CVSS 9.8 | fixed in boinc 7.0.65+dfsg-1 (bookworm) | 2013
CVE-2013-2018 [CRITICAL]: Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 7.0.65+dfsg-1); bullseye: resolved (fixed in 7.0.65+dfsg-1); forky: resolved (fixed in 7.0.65+dfsg-1); sid: resolved (fixed in 7.0.65+dfsg-1); trixie: resolved (fixed in 7.0.65+dfsg-1)
debian
CVE-2013-2019 | LOW | CVSS 9.3 | fixed in boinc 6.13.6+dfsg-1 (bookworm) | 2013
CVE-2013-2019 [CRITICAL]: Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.
Scope: local
bookworm: resolved (fixed in 6.13.6+dfsg-1); bullseye: resolved (fixed in 6.13.6+dfsg-1); forky: resolved (fixed in 6.13.6+dfsg-1); sid: resolved (fixed in 6.13.6+dfsg-1); trixie: resolved (fixed in 6.13.6+dfsg-1)
debian
CVE-2011-5280 | LOW | CVSS 5.0 | fixed in boinc 7.0.2+dfsg-1 (bookworm) | 2011
CVE-2011-5280 [MEDIUM]: Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.
Scope: local
bookworm: resolved (fixed in 7.0.2+dfsg-1); bullseye: resolved (fixed in 7.0.2+dfsg-1); forky: resolved (fixed in 7.0.2+dfsg-1); sid: resolved (fixed in 7.0.2+dfsg-1); trixi
debian
CVE-2009-0126 | MEDIUM | CVSS 5.8 | fixed in boinc 6.2.14-3 (bookworm) | 2009
CVE-2009-0126 [MEDIUM]: The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. S
debian