CVE-2013-3667

The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
barebonestextwrangler
𝑥
≤ 4.5.2
barebonestextwrangler
2.3
barebonestextwrangler
3.0
barebonestextwrangler
3.1
barebonestextwrangler
3.5
barebonestextwrangler
3.5.1
barebonestextwrangler
3.5.3
barebonestextwrangler
4.0
barebonestextwrangler
4.0.1
barebonestextwrangler
4.5
barebonestextwrangler
4.5.1
barebonesbbedit
𝑥
≤ 10.5.4
barebonesbbedit
10.0
barebonesbbedit
10.0.1
barebonesbbedit
10.1
barebonesbbedit
10.1.1
barebonesbbedit
10.1.2
barebonesbbedit
10.5
barebonesbbedit
10.5.1
barebonesbbedit
10.5.2
barebonesbbedit
10.5.3
barebonesyojimbo
𝑥
≤ 3.0.4
barebonesyojimbo
1.4
barebonesyojimbo
1.4.1
barebonesyojimbo
1.4.2
barebonesyojimbo
1.5
barebonesyojimbo
1.5.1
barebonesyojimbo
1.5.2
barebonesyojimbo
2.0
barebonesyojimbo
2.1
barebonesyojimbo
2.2
barebonesyojimbo
3.0
barebonesyojimbo
3.0.1
barebonesyojimbo
3.0.2
barebonesyojimbo
3.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.barebones.com/support/bbedit/arch_bbedit1055.html
http://www.barebones.com/support/textwrangler/notes_tw453.html
http://www.barebones.com/support/yojimbo/arch_yojimbo40.html
https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ
http://www.barebones.com/support/bbedit/arch_bbedit1055.html
http://www.barebones.com/support/textwrangler/notes_tw453.html
http://www.barebones.com/support/yojimbo/arch_yojimbo40.html
https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ