CVE-2013-7386 - OpenCVE

Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rom Walton	Boinc

Configuration 1 [-]

cpe:2.3:a:rom_walton:boinc:7.2.33:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html
http://www.openwall.com/lists/oss-security/2013/04/28/3
https://bugzilla.redhat.com/show_bug.cgi?id=957795

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-02T15:00:00Z

Updated: 2024-09-16T17:47:59.746Z

Reserved: 2014-06-02T00:00:00Z

Link: CVE-2013-7386

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-06-02T15:55:11.060

Modified: 2023-11-07T02:18:02.727

Link: CVE-2013-7386

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-02T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"}, {"name": "FEDORA-2013-23734", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"}, {"name": "FEDORA-2013-23720", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=957795", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"}, {"name": "FEDORA-2013-23734", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"}, {"name": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9", "refsource": "CONFIRM", "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"}, {"name": "FEDORA-2013-23720", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:09:16.408Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130428 Multiple vulnerabilities in BOINC", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"}, {"name": "FEDORA-2013-23734", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"}, {"name": "FEDORA-2013-23720", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7386", "datePublished": "2014-06-02T15:00:00Z", "dateReserved": "2014-06-02T00:00:00Z", "dateUpdated": "2024-09-16T17:47:59.746Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rom_walton:boinc:7.2.33:*:*:*:*:*:*:*", "matchCriteriaId": "5B76EAC5-808A-4CDA-A495-A3EFA0BD8379", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en la funci\u00f3n PROJECT::write_account_file en client/cs_account.cpp en BOINC, posiblemente 7.2.33, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de especificadores de cadena de formato en el art\u00edculo gui_urls en un archivo de cuenta."}], "id": "CVE-2013-7386", "lastModified": "2023-11-07T02:18:02.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-02T15:55:11.060", "references": [{"source": "cve@mitre.org", "url": "http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/04/28/3"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957795"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}