CVE-2013-4550 : Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an un

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.

Published 2013-12-24 18:55:04

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-4550

Fedoraproject » Fedora » Version: 18
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP
Versions up to, including, (<=) 0.8.8
cpe:2.3:a:duckcorp:bip:*:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.1
cpe:2.3:a:duckcorp:bip:0.8.1:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.2
cpe:2.3:a:duckcorp:bip:0.8.2:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.3
cpe:2.3:a:duckcorp:bip:0.8.3:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.4
cpe:2.3:a:duckcorp:bip:0.8.4:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.0 Update RC0
cpe:2.3:a:duckcorp:bip:0.8.0:rc0:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.0
cpe:2.3:a:duckcorp:bip:0.8.0:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.0 Update RC1
cpe:2.3:a:duckcorp:bip:0.8.0:rc1:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.5
cpe:2.3:a:duckcorp:bip:0.8.5:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.6
cpe:2.3:a:duckcorp:bip:0.8.6:*:*:*:*:*:*:*
Matching versions
Duckcorp » BIP » Version: 0.8.7
cpe:2.3:a:duckcorp:bip:0.8.7:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-4550

EPSS FAQ

1.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-4550

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-4550

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4550

http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121868.html

[SECURITY] Fedora 20 Update: bip-0.8.9-1.fc20
Patch

CVEs referencing this url
https://projects.duckcorp.org/issues/261

Bug #261: Failed SSL handshake causes bip to write to a random socket, and never close the connection - Bip - DuckCorp Projects

CVEs referencing this url
https://projects.duckcorp.org/versions/13

0.8.9 - Bip - DuckCorp Projects

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122274.html

[SECURITY] Fedora 19 Update: bip-0.8.9-1.fc19

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/01/02/9

oss-security - Re: Duplicated CVE assignment for bip

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122278.html

[SECURITY] Fedora 18 Update: bip-0.8.9-1.fc18

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-4550

Products affected by CVE-2013-4550

Exploit prediction scoring system (EPSS) score for CVE-2013-4550

CVSS scores for CVE-2013-4550

CWE ids for CVE-2013-4550

References for CVE-2013-4550