VYPR
Unrated severity · NVD Advisory · Published Jun 2, 2014 · Updated May 6, 2026

CVE-2013-2298

Description

Stack-based buffer overflows in the BOINC 7.x XML parser allow attackers to cause unspecified impact via a crafted XML file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Multiple stack-based buffer overflows exist in the XML parser used by BOINC 7.x (any version in the 7.x branch is vulnerable) [1]. The overflows occur when parsing specially crafted XML files, specifically related to the scheduler component. The vulnerability is present in both client and server software, but client-only systems are at risk if they connect to a malicious server.

Exploitation

An attacker must control a BOINC server (or be able to inject crafted XML into a trusted server's responses). The victim's BOINC client, when connecting to the hostile server, receives a malicious XML file. Parsing this file triggers a stack-based buffer overflow due to insufficient bounds checking. No authentication is required from the client side, as the client trusts the server's data.

Impact

Successful exploitation results in a stack-based buffer overflow, which can lead to arbitrary code execution at the privilege level of the BOINC process. The exact impact is unspecified in the reference, but typical overflow exploitation can allow an attacker to overwrite return addresses and execute arbitrary code, potentially compromising the entire BOINC client system.

Mitigation

According to the discoverer, the major BOINC projects had hopefully fixed these vulnerabilities by late April 2013 [1]. Users should upgrade to the latest available version of BOINC (beyond 7.x). The exact fixed version is not specified, but any version after the commit that addressed the issue is safe. Fedora package updates were also announced in December 2013 [2][3], indicating that distributions have released patches. There are no known workarounds other than upgrading.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

160
  • cpe:2.3:a:universityofcalifornia:boinc_client:7.0:*:*:*:*:*:*:* (+ 158 more)
  • Boinc/Boinc (llm-fuzzy)
    Range: 7.x
