Buffer overflow in Blackberry Qnx_momentics_tool_suite

CVE-2013-2687

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a…

Vulnerability class: Buffer Overflow

EPSS: 0.037 (88.1th percentile) — read the EPSS interpretation.

Affected products

Blackberry Qnx_momentics_tool_suite — versions 4.5, 4.6, 4.7
Blackberry Qnx_neutrino_rtos — versions 6.4.1, 6.5.0
Blackberry Qnx_software_development_platform
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (US Government Resource, Patch, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Patch)