Vulnerability Details CVE-2011-5268
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121868.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122274.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122278.html
- http://www.openwall.com/lists/oss-security/2014/01/02/9
- https://projects.duckcorp.org/issues/261
- https://projects.duckcorp.org/versions/13
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121868.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122274.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122278.html
- http://www.openwall.com/lists/oss-security/2014/01/02/9
- https://projects.duckcorp.org/issues/261
- https://projects.duckcorp.org/versions/13
Products affected by CVE-2011-5268
-
cpe:2.3:a:duckcorp:bip:0.7.0
-
cpe:2.3:a:duckcorp:bip:0.7.1
-
cpe:2.3:a:duckcorp:bip:0.7.2
-
cpe:2.3:a:duckcorp:bip:0.7.3
-
cpe:2.3:a:duckcorp:bip:0.7.4
-
cpe:2.3:a:duckcorp:bip:0.7.5
-
cpe:2.3:a:duckcorp:bip:0.8.0
-
cpe:2.3:a:duckcorp:bip:0.8.1
-
cpe:2.3:a:duckcorp:bip:0.8.2
-
cpe:2.3:a:duckcorp:bip:0.8.3
-
cpe:2.3:a:duckcorp:bip:0.8.4
-
cpe:2.3:a:duckcorp:bip:0.8.5
-
cpe:2.3:a:duckcorp:bip:0.8.6
-
cpe:2.3:a:duckcorp:bip:0.8.7
-
cpe:2.3:a:duckcorp:bip:0.8.8
-
cpe:2.3:o:fedoraproject:fedora:18
-
cpe:2.3:o:fedoraproject:fedora:19
-
cpe:2.3:o:fedoraproject:fedora:20