Stack-based Buffer Overflow in BlackBerry QNX Neutrino RTOS and QNX Momentics Tool Suite
CVE-2013-2687

Currently unrated

Key Information:

Vendor: Blackberry
Status: Qnx Momentics Tool Suite; Qnx Software Development Platform; Qnx Neutrino Rtos
Vendor: CVE Published:; 12 July 2013

What is CVE-2013-2687?

The vulnerability exists in the bpe_decompress function of BlackBerry's QNX Neutrino RTOS and QNX Momentics Tool Suite versions through 6.5.0 SP1. It allows remote attackers to send specifically crafted packets to TCP port 4868, potentially leading to application crashes or arbitrary code execution. This poses significant risks to system integrity and confidentiality, making it crucial for organizations utilizing these platforms to implement necessary security measures.

References

http://aluigi.altervista.org/adv/qnxph_1-adv.txt

x_refsource_MISC

http://ics-cert.us-cert.gov/advisories/ICSA-13-189-01

x_refsource_MISC

http://www.qnx.com/download/feature.html?programid=24850

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 12, 2013

Blackberry

What is CVE-2013-2687?

References

Timeline