CVE-2014-0016 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Vendor	Product	Version
stunnel	stunnel	𝑥 ≤ 4.56
stunnel	stunnel	0.1
stunnel	stunnel	1.0
stunnel	stunnel	1.1
stunnel	stunnel	1.2
stunnel	stunnel	1.3
stunnel	stunnel	1.4
stunnel	stunnel	1.5
stunnel	stunnel	1.6
stunnel	stunnel	2.0
stunnel	stunnel	2.1
stunnel	stunnel	3.0
stunnel	stunnel	3.0:b1
stunnel	stunnel	3.0:b2
stunnel	stunnel	3.0:b3
stunnel	stunnel	3.0:b4
stunnel	stunnel	3.0:b5
stunnel	stunnel	3.0:b6
stunnel	stunnel	3.0:b7
stunnel	stunnel	3.1
stunnel	stunnel	3.2
stunnel	stunnel	3.3
stunnel	stunnel	3.4a:a
stunnel	stunnel	3.5
stunnel	stunnel	3.6
stunnel	stunnel	3.7
stunnel	stunnel	3.8
stunnel	stunnel	3.8:p1
stunnel	stunnel	3.8:p2
stunnel	stunnel	3.8:p3
stunnel	stunnel	3.8:p4
stunnel	stunnel	3.8p1:p1
stunnel	stunnel	3.8p2:p2
stunnel	stunnel	3.8p3:p3
stunnel	stunnel	3.8p4:p4
stunnel	stunnel	3.9
stunnel	stunnel	3.10
stunnel	stunnel	3.11
stunnel	stunnel	3.12
stunnel	stunnel	3.13
stunnel	stunnel	3.14
stunnel	stunnel	3.15
stunnel	stunnel	3.16
stunnel	stunnel	3.17
stunnel	stunnel	3.18
stunnel	stunnel	3.19
stunnel	stunnel	3.20
stunnel	stunnel	3.21
stunnel	stunnel	3.21a:a
stunnel	stunnel	3.21b:b
stunnel	stunnel	3.21c:c
stunnel	stunnel	3.22
stunnel	stunnel	3.23
stunnel	stunnel	3.24
stunnel	stunnel	3.25
stunnel	stunnel	3.26
stunnel	stunnel	4.00
stunnel	stunnel	4.0
stunnel	stunnel	4.01
stunnel	stunnel	4.02
stunnel	stunnel	4.03
stunnel	stunnel	4.04
stunnel	stunnel	4.05
stunnel	stunnel	4.06
stunnel	stunnel	4.07
stunnel	stunnel	4.08
stunnel	stunnel	4.09
stunnel	stunnel	4.10
stunnel	stunnel	4.11
stunnel	stunnel	4.12
stunnel	stunnel	4.13
stunnel	stunnel	4.14
stunnel	stunnel	4.15
stunnel	stunnel	4.16
stunnel	stunnel	4.17
stunnel	stunnel	4.18
stunnel	stunnel	4.19
stunnel	stunnel	4.20
stunnel	stunnel	4.21
stunnel	stunnel	4.22
stunnel	stunnel	4.23
stunnel	stunnel	4.24
stunnel	stunnel	4.25
stunnel	stunnel	4.26
stunnel	stunnel	4.27
stunnel	stunnel	4.28
stunnel	stunnel	4.29
stunnel	stunnel	4.30
stunnel	stunnel	4.31
stunnel	stunnel	4.32
stunnel	stunnel	4.33
stunnel	stunnel	4.34
stunnel	stunnel	4.35
stunnel	stunnel	4.36
stunnel	stunnel	4.37
stunnel	stunnel	4.38
stunnel	stunnel	4.39
stunnel	stunnel	4.40
stunnel	stunnel	4.41
stunnel	stunnel	4.42
stunnel	stunnel	4.43
stunnel	stunnel	4.44
stunnel	stunnel	4.45
stunnel	stunnel	4.46
stunnel	stunnel	4.47
stunnel	stunnel	4.48
stunnel	stunnel	4.49
stunnel	stunnel	4.50
stunnel	stunnel	4.51
stunnel	stunnel	4.52
stunnel	stunnel	4.53
stunnel	stunnel	4.54
stunnel	stunnel	4.55

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

stunnel4

bullseye	3:5.56+dfsg-10 fixed
bookworm	3:5.68-2+deb12u1 fixed
sid	3:5.73-1 fixed
trixie	3:5.73-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

stunnel4

bionic	Fixed 3:5.02-1 released
artful	Fixed 3:5.02-1 released
zesty	Fixed 3:5.02-1 released
yakkety	Fixed 3:5.02-1 released
xenial	Fixed 3:5.02-1 released
wily	Fixed 3:5.02-1 released
vivid	Fixed 3:5.02-1 released
utopic	Fixed 3:5.02-1 released
trusty	not-affected
saucy	ignored
quantal	ignored
precise	ignored
lucid	ignored

Common Weakness Enumeration

CWE-332 - Insufficient Entropy in PRNG
The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

References

http://www.openwall.com/lists/oss-security/2014/03/05/1

http://www.securityfocus.com/bid/65964

https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff

https://bugzilla.redhat.com/show_bug.cgi?id=1072180

https://www.stunnel.org/sdf_ChangeLog.html

http://www.openwall.com/lists/oss-security/2014/03/05/1

http://www.securityfocus.com/bid/65964

https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff

https://bugzilla.redhat.com/show_bug.cgi?id=1072180

https://www.stunnel.org/sdf_ChangeLog.html