Search criteria
3 vulnerabilities found for qnx_momentics_tool_suite by blackberry
FKIE_CVE-2013-2687
Vulnerability from fkie_nvd - Published: 2013-07-12 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_momentics_tool_suite | * | |
| blackberry | qnx_momentics_tool_suite | 4.5 | |
| blackberry | qnx_momentics_tool_suite | 4.6 | |
| blackberry | qnx_momentics_tool_suite | 4.7 | |
| blackberry | qnx_momentics_tool_suite | 6.5.0 | |
| blackberry | qnx_software_development_platform | - | |
| blackberry | qnx_neutrino_rtos | * | |
| blackberry | qnx_neutrino_rtos | 6.4.1 | |
| blackberry | qnx_neutrino_rtos | 6.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1F184BC9-8E64-4976-8E3A-F6FF4C1593DB",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A796624B-7F7A-4A92-B83E-D592096B9753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "97DA1B48-77C6-4C30-816E-B0BC2FEF3401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "856700E9-717A-4CE1-A451-23090ACC0A56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics_tool_suite:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7819F1A5-3519-4EEF-895D-B76A452BD4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F053696-43DE-40F3-933F-8C01721D3D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3CF6AE0F-3167-47A8-9727-89DC0133C0B4",
"versionEndIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4476D9C6-C77C-4420-A629-38A8FA195640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19D877E0-F8F1-434F-97F3-1DD32883FA77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n bpe_decompress en (1) BlackBerry QNX Neutrino RTOS hasta v6.5.0 SP1 y (2) QNX Momentics Tool Suite hasta v6.5.0 SP1 en QNX Software Development Platform, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicacion) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de paquetes sobre el puerto TCP 4868 manipulados."
}
],
"id": "CVE-2013-2687",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-12T16:55:01.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-2687 (GCVE-0-2013-2687)
Vulnerability from cvelistv5 – Published: 2013-07-12 16:00 – Updated: 2024-09-17 03:33
VLAI?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2687",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2687 (GCVE-0-2013-2687)
Vulnerability from nvd – Published: 2013-07-12 16:00 – Updated: 2024-09-17 03:33
VLAI?
Summary
Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted packets to TCP port 4868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/qnxph_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01"
},
{
"name": "http://www.qnx.com/download/feature.html?programid=24850",
"refsource": "CONFIRM",
"url": "http://www.qnx.com/download/feature.html?programid=24850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2687",
"datePublished": "2013-07-12T16:00:00Z",
"dateReserved": "2013-03-25T00:00:00Z",
"dateUpdated": "2024-09-17T03:33:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}