OpenCVE

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:H/Au:N/C:P/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
Stunnel	Stunnel

Configuration 1 [-]

OR	cpe:2.3:a:stunnel:stunnel::::::::
	cpe:2.3:a:stunnel:stunnel:4.21:::::::*
	cpe:2.3:a:stunnel:stunnel:4.22:::::::*
	cpe:2.3:a:stunnel:stunnel:4.23:::::::*
	cpe:2.3:a:stunnel:stunnel:4.24:::::::*
	cpe:2.3:a:stunnel:stunnel:4.25:::::::*
	cpe:2.3:a:stunnel:stunnel:4.26:::::::*
	cpe:2.3:a:stunnel:stunnel:4.27:::::::*
	cpe:2.3:a:stunnel:stunnel:4.28:::::::*
	cpe:2.3:a:stunnel:stunnel:4.29:::::::*
	cpe:2.3:a:stunnel:stunnel:4.30:::::::*
	cpe:2.3:a:stunnel:stunnel:4.31:::::::*
	cpe:2.3:a:stunnel:stunnel:4.32:::::::*
	cpe:2.3:a:stunnel:stunnel:4.33:::::::*
	cpe:2.3:a:stunnel:stunnel:4.34:::::::*
	cpe:2.3:a:stunnel:stunnel:4.35:::::::*
	cpe:2.3:a:stunnel:stunnel:4.36:::::::*
	cpe:2.3:a:stunnel:stunnel:4.37:::::::*
	cpe:2.3:a:stunnel:stunnel:4.38:::::::*
	cpe:2.3:a:stunnel:stunnel:4.39:::::::*
	cpe:2.3:a:stunnel:stunnel:4.40:::::::*
	cpe:2.3:a:stunnel:stunnel:4.41:::::::*
	cpe:2.3:a:stunnel:stunnel:4.42:::::::*
	cpe:2.3:a:stunnel:stunnel:4.43:::::::*
	cpe:2.3:a:stunnel:stunnel:4.44:::::::*
	cpe:2.3:a:stunnel:stunnel:4.45:::::::*
	cpe:2.3:a:stunnel:stunnel:4.46:::::::*
	cpe:2.3:a:stunnel:stunnel:4.47:::::::*
	cpe:2.3:a:stunnel:stunnel:4.48:::::::*
	cpe:2.3:a:stunnel:stunnel:4.49:::::::*
	cpe:2.3:a:stunnel:stunnel:4.50:::::::*
	cpe:2.3:a:stunnel:stunnel:4.51:::::::*
	cpe:2.3:a:stunnel:stunnel:4.52:::::::*
	cpe:2.3:a:stunnel:stunnel:4.53:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
stunnel-0:4.29-3.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0714	2013-04-08T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2013-0714.html
http://www.debian.org/security/2013/dsa-2664
http://www.mandriva.com/security/advisories?name=MDVSA-2013:130
https://nvd.nist.gov/vuln/detail/CVE-2013-1762
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097
https://www.cve.org/CVERecord?id=CVE-2013-1762
https://www.stunnel.org/CVE-2013-1762.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-03-08T18:00:00

Updated: 2024-08-06T15:13:32.427Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1762

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-03-08T18:55:01.743

Modified: 2024-11-21T01:50:20.090

Link: CVE-2013-1762

Redhat

Severity : Moderate

Publid Date: 2013-03-03T00:00:00Z

Links: CVE-2013-1762 - Bugzilla

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object