CVE-2013-2298

critical

Description

Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/83931

http://www.securityfocus.com/bid/59539

http://www.openwall.com/lists/oss-security/2013/04/28/3

http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741

http://secunia.com/advisories/53192

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html

http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git%3Ba=commitdiff%3Bh=2fea03824925cbcb976f4191f4d8321e41a4d95b

Details

Source: Mitre, NVD

Published: 2014-06-02

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01999

Detections

Analytics