{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-02T00:00:00", "descriptions": [{"lang": "en", "value": "The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform \"tampering or corruption\" of the updates."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-31T19:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.barebones.com/support/textwrangler/notes_tw453.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform \"tampering or corruption\" of the updates."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html", "refsource": "CONFIRM", "url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html"}, {"name": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html", "refsource": "CONFIRM", "url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html"}, {"name": "https://groups.google.com/forum/#!msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ"}, {"name": "http://www.barebones.com/support/textwrangler/notes_tw453.html", "refsource": "CONFIRM", "url": "http://www.barebones.com/support/textwrangler/notes_tw453.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.656Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.barebones.com/support/textwrangler/notes_tw453.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3667", "datePublished": "2013-12-31T20:00:00", "dateReserved": "2013-05-24T00:00:00", "dateUpdated": "2024-08-06T16:14:56.656Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:barebones:textwrangler:*:*:*:*:*:*:*:*", "matchCriteriaId": "73EA7D40-2439-4BFA-8ECB-049DCACFF635", "versionEndIncluding": "4.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1403434-D30C-4B3C-BC57-60436D9107FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8186EFC1-E813-4674-A26C-A445003E0118", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E4DED30-5415-4AAA-9677-8FBF77FFCB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "7FE67A27-9D10-4E71-8CD0-2B0FD0721599", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "96DDF8E2-61C4-484E-89C8-75B1C92391A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "BAEDFC43-BC9A-4830-ABDA-AAD4849E545D", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E77978-B6D9-473A-A922-D54A227A9F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8755484-D577-49BB-84F8-5E298DA259AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "D58435AE-C263-4972-AE9A-7A54C2CE4049", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:textwrangler:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BE5D395-F805-45B1-83F5-E5AAEC7FEF2B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:barebones:bbedit:*:*:*:*:*:*:*:*", "matchCriteriaId": "930F5BF0-378C-4D4A-BAEF-29E1612ECDC2", "versionEndIncluding": "10.5.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "89B538F5-09A0-4F40-B73F-2C2125C55100", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B385F4B4-5EDD-4449-8DA2-74DCE8496498", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0041F955-238E-4AD0-BAD8-BA098A904959", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "03498766-0A63-480F-98F5-2CD929D2408C", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E792119E-4FE0-4E6E-B484-4B84EBAD3AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E218878-DAF1-44C1-9035-3E9C0282F56F", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D93AF8FB-575D-49CF-9EE7-CBBCF8CD861E", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "96955654-87CA-4BCB-9E50-04293FA036AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:bbedit:10.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D757FE79-4412-4B84-8209-06ADFEC6927F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:barebones:yojimbo:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4F37464-9948-47CB-90D9-A807F2256FE0", "versionEndIncluding": "3.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "886415BF-8136-4622-88C9-69DC54ED5E73", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B552EC3-AFD5-4138-8BBA-BA83947D1369", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "7141F7DE-6F2B-4445-8EE0-2F075A086CA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC616E64-EE25-4EE1-8166-93210353F4A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D03C7BD-2DC6-425B-BEF2-4F171676890D", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4011F910-DCFF-4667-9E28-644DF2F77D9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0CD2682-ED03-441D-A816-6C582FC6C587", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD7A7D41-1240-4D7B-B96C-06BA64CC82FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD3C1CDD-1BB5-46ED-8BF5-0CF0A5805285", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9AED67C-90ED-4DC3-BB95-73ED9147F136", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "508FF127-029E-4FA7-8674-3BA360319DB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "09FD3398-56AC-47C0-944A-31E77F511BA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:barebones:yojimbo:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2F716BBF-8F34-4B6D-806F-1D8AB65CDCE3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform \"tampering or corruption\" of the updates."}, {"lang": "es", "value": "El mecanismo de actualizaci\u00f3n de software que se utiliza en Bare Bones Software Yojimbo antes de 4.0, TextWrangler antes de 4.5.3, y BBEdit anterior a 10.5.5 no descarga y verifica correctamente las actualizaciones antes de la instalaci\u00f3n, lo que permite a los atacantes realizar \"la manipulaci\u00f3n o la corrupci\u00f3n\" de las actualizaciones."}], "id": "CVE-2013-3667", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-31T20:55:15.167", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.barebones.com/support/textwrangler/notes_tw453.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.barebones.com/support/bbedit/arch_bbedit1055.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.barebones.com/support/textwrangler/notes_tw453.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.barebones.com/support/yojimbo/arch_yojimbo40.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}