CVE-2013-1762
08.03.2013, 18:55
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Vendor | Product | Version |
---|---|---|
stunnel | stunnel | 𝑥 ≤ 4.54 |
stunnel | stunnel | 4.21 |
stunnel | stunnel | 4.22 |
stunnel | stunnel | 4.23 |
stunnel | stunnel | 4.24 |
stunnel | stunnel | 4.25 |
stunnel | stunnel | 4.26 |
stunnel | stunnel | 4.27 |
stunnel | stunnel | 4.28 |
stunnel | stunnel | 4.29 |
stunnel | stunnel | 4.30 |
stunnel | stunnel | 4.31 |
stunnel | stunnel | 4.32 |
stunnel | stunnel | 4.33 |
stunnel | stunnel | 4.34 |
stunnel | stunnel | 4.35 |
stunnel | stunnel | 4.36 |
stunnel | stunnel | 4.37 |
stunnel | stunnel | 4.38 |
stunnel | stunnel | 4.39 |
stunnel | stunnel | 4.40 |
stunnel | stunnel | 4.41 |
stunnel | stunnel | 4.42 |
stunnel | stunnel | 4.43 |
stunnel | stunnel | 4.44 |
stunnel | stunnel | 4.45 |
stunnel | stunnel | 4.46 |
stunnel | stunnel | 4.47 |
stunnel | stunnel | 4.48 |
stunnel | stunnel | 4.49 |
stunnel | stunnel | 4.50 |
stunnel | stunnel | 4.51 |
stunnel | stunnel | 4.52 |
stunnel | stunnel | 4.53 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References