CVE-2013-3667

Published Dec 31, 2013
Last updated a year ago
CVSS info 6.4
Overview

Description: The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73EA7D40-2439-4BFA-8ECB-049DCACFF635",
            "versionEndIncluding": "4.5.2"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1403434-D30C-4B3C-BC57-60436D9107FF"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8186EFC1-E813-4674-A26C-A445003E0118"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E4DED30-5415-4AAA-9677-8FBF77FFCB38"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FE67A27-9D10-4E71-8CD0-2B0FD0721599"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DDF8E2-61C4-484E-89C8-75B1C92391A3"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAEDFC43-BC9A-4830-ABDA-AAD4849E545D"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26E77978-B6D9-473A-A922-D54A227A9F9F"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8755484-D577-49BB-84F8-5E298DA259AD"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D58435AE-C263-4972-AE9A-7A54C2CE4049"
          },
          {
            "criteria": "cpe:2.3:a:barebones:textwrangler:4.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BE5D395-F805-45B1-83F5-E5AAEC7FEF2B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "930F5BF0-378C-4D4A-BAEF-29E1612ECDC2",
            "versionEndIncluding": "10.5.4"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89B538F5-09A0-4F40-B73F-2C2125C55100"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B385F4B4-5EDD-4449-8DA2-74DCE8496498"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0041F955-238E-4AD0-BAD8-BA098A904959"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03498766-0A63-480F-98F5-2CD929D2408C"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E792119E-4FE0-4E6E-B484-4B84EBAD3AEF"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E218878-DAF1-44C1-9035-3E9C0282F56F"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D93AF8FB-575D-49CF-9EE7-CBBCF8CD861E"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96955654-87CA-4BCB-9E50-04293FA036AB"
          },
          {
            "criteria": "cpe:2.3:a:barebones:bbedit:10.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D757FE79-4412-4B84-8209-06ADFEC6927F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4F37464-9948-47CB-90D9-A807F2256FE0",
            "versionEndIncluding": "3.0.4"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "886415BF-8136-4622-88C9-69DC54ED5E73"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B552EC3-AFD5-4138-8BBA-BA83947D1369"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7141F7DE-6F2B-4445-8EE0-2F075A086CA8"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC616E64-EE25-4EE1-8166-93210353F4A8"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D03C7BD-2DC6-425B-BEF2-4F171676890D"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4011F910-DCFF-4667-9E28-644DF2F77D9E"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0CD2682-ED03-441D-A816-6C582FC6C587"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD7A7D41-1240-4D7B-B96C-06BA64CC82FD"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD3C1CDD-1BB5-46ED-8BF5-0CF0A5805285"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9AED67C-90ED-4DC3-BB95-73ED9147F136"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "508FF127-029E-4FA7-8674-3BA360319DB3"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09FD3398-56AC-47C0-944A-31E77F511BA9"
          },
          {
            "criteria": "cpe:2.3:a:barebones:yojimbo:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F716BBF-8F34-4B6D-806F-1D8AB65CDCE3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
