VulnerableCode Vulnerability Details - VCID-189a-yyhy-q7ds

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-189a-yyhy-q7ds

Essentials
Severities (4)
References (13)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-189a-yyhy-q7ds
Aliases	CVE-2013-6438
Summary	XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn.
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

System	Score	Found at
epss	0.39561	https://api.first.org/data/v1/epss?cve=CVE-2013-6438
epss	0.39561	https://api.first.org/data/v1/epss?cve=CVE-2013-6438
epss	0.39561	https://api.first.org/data/v1/epss?cve=CVE-2013-6438
apache_httpd	moderate	https://httpd.apache.org/security/json/CVE-2013-6438.json

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6438.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-6438
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
1077867		https://bugzilla.redhat.com/show_bug.cgi?id=1077867
CVE-2013-6438		https://httpd.apache.org/security/json/CVE-2013-6438.json
GLSA-201408-12		https://security.gentoo.org/glsa/201408-12
RHSA-2014:0369		https://access.redhat.com/errata/RHSA-2014:0369
RHSA-2014:0370		https://access.redhat.com/errata/RHSA-2014:0370
RHSA-2014:0783		https://access.redhat.com/errata/RHSA-2014:0783
RHSA-2014:0784		https://access.redhat.com/errata/RHSA-2014:0784
RHSA-2014:0825		https://access.redhat.com/errata/RHSA-2014:0825
RHSA-2014:0826		https://access.redhat.com/errata/RHSA-2014:0826
USN-2152-1		https://usn.ubuntu.com/2152-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.97382
EPSS Score	0.39561
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:53:42.548360+00:00	Apache HTTPD Importer	Import	https://httpd.apache.org/security/json/CVE-2013-6438.json	38.6.0