CVE-2011-5280
Description
Stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service via a long trickle-up message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2011-5280 describes multiple stack-based buffer overflow vulnerabilities in BOINC 6.13.x. The flaws exist in the client/cs_trickle.cpp and db/db_base.cpp files, where a long trickle-up message can overflow a stack buffer. The vulnerability is reachable when the client is connected to a hostile server [1].
Exploitation
An attacker must operate a malicious server that sends a crafted trickle-up message with an excessively long payload to the vulnerable BOINC client. No authentication is required beyond the attacker controlling the server to which the client connects. The attack does not require user interaction beyond the client being connected to the malicious server [1].
Impact
Successful exploitation causes a stack-based buffer overflow, leading to a crash (denial of service). The impact is limited to availability; there is no evidence of code execution in the available references [1].
Mitigation
Not disclosed in the available references. Users should update to a BOINC version newer than 6.13.x, as later versions are not affected [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:universityofcalifornia:boinc_client:6.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:universityofcalifornia:boinc_client:6.13.1:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References