Vulnerability Details : CVE-2011-5268
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.
Vulnerability category: Denial of service
Products affected by CVE-2011-5268
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:*:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:duckcorp:bip:0.8.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-5268
- 0.89%: Probability of exploitation activity in the next 30 days
- ~ 80 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-5268
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2011-5268
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-5268
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121868.html
  [SECURITY] Fedora 20 Update: bip-0.8.9-1.fc20
- https://projects.duckcorp.org/issues/261
  Bug #261: Failed SSL handshake causes bip to write to a random socket, and never close the connection - Bip - DuckCorp Projects (Patch)
- https://projects.duckcorp.org/versions/13
  0.8.9 - Bip - DuckCorp Projects
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122274.html
  [SECURITY] Fedora 19 Update: bip-0.8.9-1.fc19
- http://www.openwall.com/lists/oss-security/2014/01/02/9
  oss-security - Re: Duplicated CVE assignment for bip
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122278.html
  [SECURITY] Fedora 18 Update: bip-0.8.9-1.fc18