Vulnerability Description
Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Universityofcalifornia | Boinc Client | 7.0 |
Related Weaknesses (CWE)
References
- http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=2fea03824925
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.h
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.h
- http://secunia.com/advisories/53192
- http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741
- http://www.openwall.com/lists/oss-security/2013/04/28/3
- http://www.securityfocus.com/bid/59539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83931
- http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=2fea03824925
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.h
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.h
- http://secunia.com/advisories/53192
- http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741
- http://www.openwall.com/lists/oss-security/2013/04/28/3
- http://www.securityfocus.com/bid/59539
FAQ
What is CVE-2013-2298?
CVE-2013-2298 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.
How severe is CVE-2013-2298?
CVE-2013-2298 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2298?
Check the references section above for vendor advisories and patch information. Affected products include: Universityofcalifornia Boinc Client.