CVE-2013-3667
Published Dec 31, 2013
Last updated a year ago
Overview
- Description
- The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:barebones:textwrangler:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73EA7D40-2439-4BFA-8ECB-049DCACFF635",
"versionEndIncluding": "4.5.2"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1403434-D30C-4B3C-BC57-60436D9107FF"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8186EFC1-E813-4674-A26C-A445003E0118"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E4DED30-5415-4AAA-9677-8FBF77FFCB38"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FE67A27-9D10-4E71-8CD0-2B0FD0721599"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:3.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96DDF8E2-61C4-484E-89C8-75B1C92391A3"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:3.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAEDFC43-BC9A-4830-ABDA-AAD4849E545D"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26E77978-B6D9-473A-A922-D54A227A9F9F"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:4.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8755484-D577-49BB-84F8-5E298DA259AD"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D58435AE-C263-4972-AE9A-7A54C2CE4049"
},
{
"criteria": "cpe:2.3:a:barebones:textwrangler:4.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BE5D395-F805-45B1-83F5-E5AAEC7FEF2B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:barebones:bbedit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "930F5BF0-378C-4D4A-BAEF-29E1612ECDC2",
"versionEndIncluding": "10.5.4"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89B538F5-09A0-4F40-B73F-2C2125C55100"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B385F4B4-5EDD-4449-8DA2-74DCE8496498"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0041F955-238E-4AD0-BAD8-BA098A904959"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03498766-0A63-480F-98F5-2CD929D2408C"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E792119E-4FE0-4E6E-B484-4B84EBAD3AEF"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E218878-DAF1-44C1-9035-3E9C0282F56F"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D93AF8FB-575D-49CF-9EE7-CBBCF8CD861E"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96955654-87CA-4BCB-9E50-04293FA036AB"
},
{
"criteria": "cpe:2.3:a:barebones:bbedit:10.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D757FE79-4412-4B84-8209-06ADFEC6927F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:barebones:yojimbo:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4F37464-9948-47CB-90D9-A807F2256FE0",
"versionEndIncluding": "3.0.4"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "886415BF-8136-4622-88C9-69DC54ED5E73"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B552EC3-AFD5-4138-8BBA-BA83947D1369"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7141F7DE-6F2B-4445-8EE0-2F075A086CA8"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC616E64-EE25-4EE1-8166-93210353F4A8"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D03C7BD-2DC6-425B-BEF2-4F171676890D"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:1.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4011F910-DCFF-4667-9E28-644DF2F77D9E"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0CD2682-ED03-441D-A816-6C582FC6C587"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD7A7D41-1240-4D7B-B96C-06BA64CC82FD"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD3C1CDD-1BB5-46ED-8BF5-0CF0A5805285"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9AED67C-90ED-4DC3-BB95-73ED9147F136"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "508FF127-029E-4FA7-8674-3BA360319DB3"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09FD3398-56AC-47C0-944A-31E77F511BA9"
},
{
"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F716BBF-8F34-4B6D-806F-1D8AB65CDCE3"
}
],
"operator": "OR"
}
]
}
]