Lucene search

[email protected]CVE-2013-3667

HistoryDec 31, 2013 - 8:55 p.m.

CVE-2013-3667

2013-12-3120:55:15

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-3667

software update

security vulnerability

bare bones software

yojimbo

textwrangler

bbedit

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform “tampering or corruption” of the updates.

Affected configurations

NVD

Node

barebonestextwranglerRange≤4.5.2

barebonestextwranglerMatch2.3

barebonestextwranglerMatch3.0

barebonestextwranglerMatch3.1

barebonestextwranglerMatch3.5

barebonestextwranglerMatch3.5.1

barebonestextwranglerMatch3.5.3

barebonestextwranglerMatch4.0

barebonestextwranglerMatch4.0.1

barebonestextwranglerMatch4.5

barebonestextwranglerMatch4.5.1

Node

barebonesbbeditRange≤10.5.4

barebonesbbeditMatch10.0

barebonesbbeditMatch10.0.1

barebonesbbeditMatch10.1

barebonesbbeditMatch10.1.1

barebonesbbeditMatch10.1.2

barebonesbbeditMatch10.5

barebonesbbeditMatch10.5.1

barebonesbbeditMatch10.5.2

barebonesbbeditMatch10.5.3

Node

barebonesyojimboRange≤3.0.4

barebonesyojimboMatch1.4

barebonesyojimboMatch1.4.1

barebonesyojimboMatch1.4.2

barebonesyojimboMatch1.5

barebonesyojimboMatch1.5.1

barebonesyojimboMatch1.5.2

barebonesyojimboMatch2.0

barebonesyojimboMatch2.1

barebonesyojimboMatch2.2

barebonesyojimboMatch3.0

barebonesyojimboMatch3.0.1

barebonesyojimboMatch3.0.2

barebonesyojimboMatch3.0.3

CPENameOperatorVersion
barebones:textwranglerbarebones textwranglerle4.5.2
barebones:textwranglerbarebones textwranglereq2.3
barebones:textwranglerbarebones textwranglereq3.0
barebones:textwranglerbarebones textwranglereq3.1
barebones:textwranglerbarebones textwranglereq3.5
barebones:textwranglerbarebones textwranglereq3.5.1
barebones:textwranglerbarebones textwranglereq3.5.3
barebones:textwranglerbarebones textwranglereq4.0
barebones:textwranglerbarebones textwranglereq4.0.1
barebones:textwranglerbarebones textwranglereq4.5

CPE	Name	Operator	Version
barebones:textwrangler	barebones textwrangler	le	4.5.2
barebones:textwrangler	barebones textwrangler	eq	2.3
barebones:textwrangler	barebones textwrangler	eq	3.0
barebones:textwrangler	barebones textwrangler	eq	3.1
barebones:textwrangler	barebones textwrangler	eq	3.5
barebones:textwrangler	barebones textwrangler	eq	3.5.1
barebones:textwrangler	barebones textwrangler	eq	3.5.3
barebones:textwrangler	barebones textwrangler	eq	4.0
barebones:textwrangler	barebones textwrangler	eq	4.0.1
barebones:textwrangler	barebones textwrangler	eq	4.5

Rows per page:

1-10 of 111

References

www.barebones.com/support/bbedit/arch_bbedit1055.html

www.barebones.com/support/textwrangler/notes_tw453.html

www.barebones.com/support/yojimbo/arch_yojimbo40.html

groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2013-3667

prion1 nvd1 cvelist1 seebug1