CVE-2011-5268

2013-12-2419:55:06

CWE-310

[email protected]

web.nvd.nist.gov

cve-2011-5268

bip

denial of service

file descriptor

ssl handshake

nvd

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.

Affected configurations

NVD

Node

duckcorpbipRange≤0.8.8

duckcorpbipMatch0.8.0

duckcorpbipMatch0.8.0rc0

duckcorpbipMatch0.8.0rc1

duckcorpbipMatch0.8.1

duckcorpbipMatch0.8.2

duckcorpbipMatch0.8.3

duckcorpbipMatch0.8.4

duckcorpbipMatch0.8.5

duckcorpbipMatch0.8.6

duckcorpbipMatch0.8.7

Node

fedoraprojectfedoraMatch18

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

CPENameOperatorVersion
duckcorp:bipduckcorp biple0.8.8
duckcorp:bipduckcorp bipeq0.8.0
duckcorp:bipduckcorp bipeq0.8.1
duckcorp:bipduckcorp bipeq0.8.2
duckcorp:bipduckcorp bipeq0.8.3
duckcorp:bipduckcorp bipeq0.8.4
duckcorp:bipduckcorp bipeq0.8.5
duckcorp:bipduckcorp bipeq0.8.6
duckcorp:bipduckcorp bipeq0.8.7

CPE	Name	Operator	Version
duckcorp:bip	duckcorp bip	le	0.8.8
duckcorp:bip	duckcorp bip	eq	0.8.0
duckcorp:bip	duckcorp bip	eq	0.8.1
duckcorp:bip	duckcorp bip	eq	0.8.2
duckcorp:bip	duckcorp bip	eq	0.8.3
duckcorp:bip	duckcorp bip	eq	0.8.4
duckcorp:bip	duckcorp bip	eq	0.8.5
duckcorp:bip	duckcorp bip	eq	0.8.6
duckcorp:bip	duckcorp bip	eq	0.8.7