CVE-2013-4550

2013-12-2418:55:03

CWE-310

[email protected]

web.nvd.nist.gov

bip

cve-2013-4550

ssl handshake

security vulnerability

remote attackers

nvd

6.6 Medium

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch18

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

duckcorpbipRange≤0.8.8

duckcorpbipMatch0.8.0

duckcorpbipMatch0.8.0rc0

duckcorpbipMatch0.8.0rc1

duckcorpbipMatch0.8.1

duckcorpbipMatch0.8.2

duckcorpbipMatch0.8.3

duckcorpbipMatch0.8.4

duckcorpbipMatch0.8.5

duckcorpbipMatch0.8.6

duckcorpbipMatch0.8.7

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq18
fedoraproject:fedorafedoraproject fedoraeq19
fedoraproject:fedorafedoraproject fedoraeq20