Vulnerability CVE-2013-1993

Vulnerability Name:

CVE-2013-1993 (CCN-84493)

Assigned:

2013-05-23

Published:

2013-05-23

Updated:

2023-02-13

Summary:

Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-122

Vulnerability Consequences:

Gain Access

References:

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2013-1993

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2013-0897
Important: mesa security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2013-0898
Moderate: mesa security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA53558
Mesa Two Integer Overflow Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-2678
mesa -- several vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Mesa Web site
Mesa

Source: CCN
Type: oss-sec mailing list, Thu, 23 May 2013 08:10:56 -0700
Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-60149
Mesa libGLX CVE-2013-1993 Multiple Remote Code Execution Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: X.Org Foundation Web site
X.Org Wiki - Home

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
mesa-cve20131993-bo(84493)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-1993

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mesa3d:mesa:9.1.1:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20131993	V	CVE-2013-1993	2022-05-20
oval:org.opensuse.security:def:42259	P	Security update for kernel-firmware (Important)	2022-03-31
oval:org.opensuse.security:def:32290	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:26223	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:31754	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:32251	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:31320	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:31319	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:26178	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:26159	P	Security update for systemd (Moderate)	2021-11-04
oval:org.opensuse.security:def:57118	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:33033	P	Security update for python (Moderate)	2021-10-26
oval:org.opensuse.security:def:32202	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26148	P	Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important)	2021-10-15
oval:org.opensuse.security:def:26147	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:33725	P	Security update for webkit2gtk3 (Important)	2021-10-06
oval:org.opensuse.security:def:26134	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:31686	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:33008	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32996	P	Security update for xerces-c (Important)	2021-09-03
oval:org.opensuse.security:def:26120	P	Security update for xerces-c (Important)	2021-09-03
oval:org.opensuse.security:def:26114	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:32994	P	Security update for apache2 (Important)	2021-09-02
oval:org.opensuse.security:def:34510	P	Security update for spice-vdagent (Moderate)	2021-08-17
oval:org.opensuse.security:def:32146	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:26081	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:34470	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:33676	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:36070	P	Mesa-32bit-9.0.3-0.28.29.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42477	P	Mesa-32bit-9.0.3-0.28.29.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36361	P	Mesa-devel-32bit-9.0.3-0.28.29.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31629	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:31622	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:32095	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:32073	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:26032	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:57192	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:33788	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:33087	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:26195	P	Security update for php74 (Important)	2021-02-19
oval:org.opensuse.security:def:26196	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:33764	P	Security update for openvswitch (Important)	2021-02-15
oval:org.opensuse.security:def:31331	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:55842	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:32139	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:29426	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:26045	P	Security update for gimp (Moderate)	2021-01-04
oval:org.opensuse.security:def:25979	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:33619	P	Security update for mutt (Important)	2020-12-07
oval:org.opensuse.security:def:35852	P	Mesa-32bit-9.0.3-0.17.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31536	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25606	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:26573	P	kernel-default on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29682	P	Security update for ed	2020-12-01
oval:org.opensuse.security:def:32356	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:25619	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:54998	P	python3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26395	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:54341	P	openslp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33317	P	sblim-sfcb-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26249	P	Security update for libtomcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:27812	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:27657	P	Security update for qemu	2020-12-01
oval:org.opensuse.security:def:55723	P	Security update for supportutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:25911	P	Security update for gstreamer-plugins-base (Low)	2020-12-01
oval:org.opensuse.security:def:27283	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31773	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27324	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28986	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:31405	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:25828	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26589	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29783	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25478	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26489	P	Security update for php7-imagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29633	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:32312	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:54892	P	libmspack0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27596	P	Security update for Mesa	2020-12-01
oval:org.opensuse.security:def:54319	P	libtasn1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33222	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26865	P	apache2-mod_php53 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25823	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27506	P	libxml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55649	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:33832	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:25910	P	Security update for gstreamer-0_10-plugins-base (Low)	2020-12-01
oval:org.opensuse.security:def:27155	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26686	P	dhcpcd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25744	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:26540	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29739	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32816	P	Mesa-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25414	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26432	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:29579	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26851	P	Mesa-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29198	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:31990	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27561	P	rubygem-rack-1_4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54318	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26826	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25695	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27422	P	java-1_7_1-ibm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55557	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27091	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26642	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28529	P	Security update for Mesa	2020-12-01
oval:org.opensuse.security:def:25687	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:26487	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:27798	P	Security update for libmpfr	2020-12-01
oval:org.opensuse.security:def:32777	P	python-sssd-config on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25403	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32034	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26816	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29067	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:31903	P	Security update for fontconfig (Low)	2020-12-01
oval:org.opensuse.security:def:26923	P	jpeg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31548	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25961	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26777	P	log4net on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55761	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:25631	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:27365	P	Xerces-c on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55449	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:27068	P	Mesa-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27080	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54719	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33462	P	Security update for KDE4 PIM packages	2020-12-01
oval:org.opensuse.security:def:26337	P	Security update for freexl (Low)	2020-12-01
oval:org.opensuse.security:def:28494	P	Security update for openssl1	2020-12-01
oval:org.opensuse.security:def:26336	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27759	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:25402	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:25986	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29341	P	Security update for SUSE Manager Client Tools (Critical)	2020-12-01
oval:org.opensuse.security:def:31985	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28998	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:26879	P	cvs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30458	P	Security update for Mesa	2020-12-01
oval:org.opensuse.security:def:31537	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25904	P	Security update for gegl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26724	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29721	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:25620	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:26351	P	Security update for mongodb (Moderate)	2020-12-01
oval:org.opensuse.security:def:55164	P	libFLAC++6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27033	P	star on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27079	P	ant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54481	P	gnome-online-accounts on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33374	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:26298	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27856	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26252	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27710	P	Security update for bind	2020-12-01
oval:org.opensuse.security:def:25922	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29284	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:31929	P	Security update for glib2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27359	P	Mesa-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28987	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26628	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30421	P	Security update for xorg-x11-libXrender	2020-12-01
oval:org.mitre.oval:def:25825	P	SUSE-SU-2014:0906-1 -- Security update for Mesa	2014-09-15
oval:org.mitre.oval:def:26027	P	SUSE-SU-2013:1098-1 -- Security update for Mesa	2014-09-08
oval:org.mitre.oval:def:25613	P	SUSE-SU-2013:1098-2 -- Security update for Mesa	2014-09-08
oval:org.mitre.oval:def:16898	P	USN-1888-1 -- Mesa vulnerabilities	2014-06-30
oval:org.mitre.oval:def:19978	P	DSA-2678-1 mesa - several	2014-06-23
oval:org.mitre.oval:def:23525	P	ELSA-2013:0898: mesa security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:23674	P	ELSA-2013:0897: mesa security update (Important)	2014-05-26
oval:org.mitre.oval:def:20750	P	RHSA-2013:0898: mesa security update (Moderate)	2014-02-17
oval:org.mitre.oval:def:21213	P	RHSA-2013:0897: mesa security update (Important)	2014-02-17
oval:com.ubuntu.precise:def:20131993000	V	CVE-2013-1993 on Ubuntu 12.04 LTS (precise) - medium.	2013-06-15
oval:com.redhat.rhsa:def:20130897	P	RHSA-2013:0897: mesa security update (Important)	2013-06-03
oval:com.redhat.rhsa:def:20130898	P	RHSA-2013:0898: mesa security update (Moderate)	2013-06-03
oval:org.opensuse.security:def:79826	P	Security update for Mesa	2013-05-31

BACK