Vulnerability Details : CVE-2013-3667
The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
Vulnerability category: Input validation
Products affected by CVE-2013-3667
- cpe:2.3:a:barebones:textwrangler:*:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:textwrangler:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:*:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:bbedit:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:*:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:barebones:yojimbo:1.5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3667
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~69%
CVSS scores for CVE-2013-3667
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P | 10.0 | 4.9 | NIST | |
CWE ids for CVE-2013-3667
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3667
- http://www.barebones.com/support/bbedit/arch_bbedit1055.html
  Bare Bones Software | BBEdit 10.5.5 Release Notes (Vendor Advisory)
- https://groups.google.com/forum/#!msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ
  [ANN] BBEdit 10.5.5 (3305) pre-release - Google Groups
- http://www.barebones.com/support/yojimbo/arch_yojimbo40.html
  Bare Bones Software | Yojimbo 4.0 Release Notes (Vendor Advisory)
- http://www.barebones.com/support/textwrangler/notes_tw453.html
  Bare Bones Software | TextWrangler 4.5.3 Release Notes (Vendor Advisory)