Vulnerability Description
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackberry | Qnx Momentics Tool Suite | <= 6.5.0 |
| Blackberry | Qnx Software Development Platform | - |
| Blackberry | Qnx Neutrino Rtos | <= 6.5.0 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/qnxph_1-adv.txtExploit
- http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01PatchUS Government Resource
- http://www.qnx.com/download/feature.html?programid=24850Patch
- http://aluigi.altervista.org/adv/qnxph_1-adv.txtExploit
- http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01PatchUS Government Resource
- http://www.qnx.com/download/feature.html?programid=24850Patch
FAQ
What is CVE-2013-2687?
CVE-2013-2687 is a vulnerability with a CVSS score of 7.8 (HIGH). Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Plat...
How severe is CVE-2013-2687?
CVE-2013-2687 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2687?
Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Momentics Tool Suite, Blackberry Qnx Software Development Platform, Blackberry Qnx Neutrino Rtos.