CVE-2013-2064

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html	Third Party Advisory
http://www.debian.org/security/2013/dsa-2686	Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/05/23/3	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Vendor Advisory
http://www.securityfocus.com/bid/60148
http://www.ubuntu.com/usn/USN-1855-1	Third Party Advisory
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:secure_global_desktop:4.71:::::::*
	cpe:2.3:a:oracle:secure_global_desktop:5.2:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

Configuration 5 (hide)

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:a:x:libxcb::::::::
	cpe:2.3:a:x:libxcb:1.1.90.1:::::::*
	cpe:2.3:a:x:libxcb:1.1.91:::::::*
	cpe:2.3:a:x:libxcb:1.1.92:::::::*
	cpe:2.3:a:x:libxcb:1.1.93:::::::*
	cpe:2.3:a:x:libxcb:1.2:::::::*
	cpe:2.3:a:x:libxcb:1.3:::::::*
	cpe:2.3:a:x:libxcb:1.4:::::::*
	cpe:2.3:a:x:libxcb:1.5:::::::*
	cpe:2.3:a:x:libxcb:1.6:::::::*
	cpe:2.3:a:x:libxcb:1.7:::::::*
	cpe:2.3:a:x:libxcb:1.8:::::::*
	cpe:2.3:a:x:libxcb:1.8.1:::::::*

History

No history.

Information

Published : 2013-06-15 19:55

Updated : 2018-10-30 16:27

NVD link : CVE-2013-2064

Mitre link : CVE-2013-2064

CVE.ORG link : CVE-2013-2064

JSON object : View

Products Affected

libxcb

canonical

ubuntu_linux

fedoraproject

fedora

opensuse

opensuse

debian

debian_linux

oracle

secure_global_desktop

CWE

CWE-189

Numeric Errors

{"id": "CVE-2013-2064", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-15T19:55:01.233", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2013/dsa-2686", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/60148", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1855-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function."}, {"lang": "es", "value": "Desbordamiento de entero en X.org libxcb v1.9 y anteriores permite a los servidores X activar la asignaci\u00f3n de memoria insuficiente y provocar un desbordamiento de b\u00fafer a trav\u00e9s de vectores relacionados con la funci\u00f3n read_packet."}], "lastModified": "2018-10-30T16:27:34.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:secure_global_desktop:4.71:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E7F2CF7-CCB3-4EB7-AE44-637C12D97428"}, {"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F94A303-B4A1-4E65-B6C4-9A7E04DAED0C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x:libxcb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C811EE78-FA2E-424E-9CF7-771E704591E3", "versionEndIncluding": "1.9"}, {"criteria": "cpe:2.3:a:x:libxcb:1.1.90.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4062F366-7250-492C-A195-8CC9514E796A"}, {"criteria": "cpe:2.3:a:x:libxcb:1.1.91:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F522BB3-4DA8-443F-AA61-789E71F991AE"}, {"criteria": "cpe:2.3:a:x:libxcb:1.1.92:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72EA4E62-1739-4119-AC6D-93572D9CCDF9"}, {"criteria": "cpe:2.3:a:x:libxcb:1.1.93:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E870A1DF-9FFD-441C-A2BE-0222D4BB2547"}, {"criteria": "cpe:2.3:a:x:libxcb:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6BABE2-A245-4562-B40E-A718B6F376E2"}, {"criteria": "cpe:2.3:a:x:libxcb:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D796C97-381D-4D92-BACE-42977523F93A"}, {"criteria": "cpe:2.3:a:x:libxcb:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65FA9A18-C0D5-47AC-AD15-8747930A97DC"}, {"criteria": "cpe:2.3:a:x:libxcb:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "741C52CA-469F-4E0B-B42D-38BC123B05BB"}, {"criteria": "cpe:2.3:a:x:libxcb:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F505D7C-9644-4B0C-B750-ACA2B5AB6422"}, {"criteria": "cpe:2.3:a:x:libxcb:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F0750D-C826-457A-954E-5ACC5181009B"}, {"criteria": "cpe:2.3:a:x:libxcb:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F0C368-F4EC-46CB-8EF2-9B31BE0E4B33"}, {"criteria": "cpe:2.3:a:x:libxcb:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A399828-BB23-4DD7-A4EB-A952DA9B0CF2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

6.8 /10