Main Vulnerability Database Vulnerabilities #VU41584

Format string error in BOINC - CVE-2013-7386

Published: June 2, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41584

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-7386

CWE-ID: CWE-134

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: University of California, Berkeley

Affected software:
BOINC

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.

How to mitigate CVE-2013-7386

Install update from vendor's website.

Sources

http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=99258dcecba8ef36e1ce0fd6e0dacffe53613ac9
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125125.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/125128.html
http://www.openwall.com/lists/oss-security/2013/04/28/3
https://bugzilla.redhat.com/show_bug.cgi?id=957795

Format string error in BOINC - CVE-2013-7386

Detailed vulnerability description

How to mitigate CVE-2013-7386

Sources

Please verify you're human