{"url":"http://public2.vulnerablecode.io/api/packages/89240?format=json","purl":"pkg:deb/debian/bip@0.9.0~rc4-1?distro=trixie","type":"deb","namespace":"debian","name":"bip","version":"0.9.0~rc4-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.9.3-1","latest_non_vulnerable_version":"0.9.3-1.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61078?format=json","vulnerability_id":"VCID-2kv1-ah6z-xfe7","summary":"connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550.  NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5268","reference_id":"","reference_type":"","scores":[{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.7539","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75419","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75423","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75414","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75401","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75426","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-5268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5268"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89244?format=json","purl":"pkg:deb/debian/bip@0.8.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.8.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89240?format=json","purl":"pkg:deb/debian/bip@0.9.0~rc4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.0~rc4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89238?format=json","purl":"pkg:deb/debian/bip@0.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89243?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89241?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.2%3Fdistro=trixie"}],"aliases":["CVE-2011-5268"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kv1-ah6z-xfe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61080?format=json","vulnerability_id":"VCID-jdwg-wrcp-8fap","summary":"Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4550","reference_id":"","reference_type":"","scores":[{"value":"0.01003","scoring_system":"epss","scoring_elements":"0.77361","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01003","scoring_system":"epss","scoring_elements":"0.77389","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01003","scoring_system":"epss","scoring_elements":"0.77399","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01003","scoring_system":"epss","scoring_elements":"0.7739","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01003","scoring_system":"epss","scoring_elements":"0.7738","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01003","scoring_system":"epss","scoring_elements":"0.77401","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4550"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89244?format=json","purl":"pkg:deb/debian/bip@0.8.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.8.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89240?format=json","purl":"pkg:deb/debian/bip@0.9.0~rc4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.0~rc4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89238?format=json","purl":"pkg:deb/debian/bip@0.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89243?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89241?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.2%3Fdistro=trixie"}],"aliases":["CVE-2013-4550"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdwg-wrcp-8fap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61079?format=json","vulnerability_id":"VCID-jne3-h3ku-5fcj","summary":"Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0806","reference_id":"","reference_type":"","scores":[{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.89342","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.89361","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.8936","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04519","scoring_system":"epss","scoring_elements":"0.89378","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0806"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657217","reference_id":"657217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657217"},{"reference_url":"https://security.gentoo.org/glsa/201201-18","reference_id":"GLSA-201201-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89246?format=json","purl":"pkg:deb/debian/bip@0.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89240?format=json","purl":"pkg:deb/debian/bip@0.9.0~rc4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.0~rc4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89238?format=json","purl":"pkg:deb/debian/bip@0.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89243?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89241?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.2%3Fdistro=trixie"}],"aliases":["CVE-2012-0806"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jne3-h3ku-5fcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61077?format=json","vulnerability_id":"VCID-p2pq-1hwr-b3du","summary":"bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3071","reference_id":"","reference_type":"","scores":[{"value":"0.0188","scoring_system":"epss","scoring_elements":"0.83496","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0188","scoring_system":"epss","scoring_elements":"0.8352","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0188","scoring_system":"epss","scoring_elements":"0.83522","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0188","scoring_system":"epss","scoring_elements":"0.83519","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0188","scoring_system":"epss","scoring_elements":"0.8351","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0188","scoring_system":"epss","scoring_elements":"0.83524","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3071"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409","reference_id":"595409","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595409"},{"reference_url":"https://security.gentoo.org/glsa/201201-18","reference_id":"GLSA-201201-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89239?format=json","purl":"pkg:deb/debian/bip@0.8.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.8.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89240?format=json","purl":"pkg:deb/debian/bip@0.9.0~rc4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.0~rc4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89238?format=json","purl":"pkg:deb/debian/bip@0.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89243?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89241?format=json","purl":"pkg:deb/debian/bip@0.9.3-1.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.3-1.2%3Fdistro=trixie"}],"aliases":["CVE-2010-3071"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2pq-1hwr-b3du"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bip@0.9.0~rc4-1%3Fdistro=trixie"}