Medium severity5.3NVD Advisory· Published Oct 18, 2017· Updated May 13, 2026

CVE-2017-13083

Description

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

Affected products

Akeo/Rufus
cpe:2.3:a:akeo:rufus:*:b1186:*:*:*:*:*:*
Range: <=2.17

Patches

c3c39f7f8a11

https://github.com/pbatard/rufusvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.kb.cert.org/vuls/id/403768nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/100516nvdThird Party AdvisoryVDB Entry
github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cbnvdThird Party Advisory
github.com/pbatard/rufus/issues/1009nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000