First published: Fri Mar 08 2013(Updated: )
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Stunnel Stunnel | <=4.54 | |
Stunnel Stunnel | =4.21 | |
Stunnel Stunnel | =4.22 | |
Stunnel Stunnel | =4.23 | |
Stunnel Stunnel | =4.24 | |
Stunnel Stunnel | =4.25 | |
Stunnel Stunnel | =4.26 | |
Stunnel Stunnel | =4.27 | |
Stunnel Stunnel | =4.28 | |
Stunnel Stunnel | =4.29 | |
Stunnel Stunnel | =4.30 | |
Stunnel Stunnel | =4.31 | |
Stunnel Stunnel | =4.32 | |
Stunnel Stunnel | =4.33 | |
Stunnel Stunnel | =4.34 | |
Stunnel Stunnel | =4.35 | |
Stunnel Stunnel | =4.36 | |
Stunnel Stunnel | =4.37 | |
Stunnel Stunnel | =4.38 | |
Stunnel Stunnel | =4.39 | |
Stunnel Stunnel | =4.40 | |
Stunnel Stunnel | =4.41 | |
Stunnel Stunnel | =4.42 | |
Stunnel Stunnel | =4.43 | |
Stunnel Stunnel | =4.44 | |
Stunnel Stunnel | =4.45 | |
Stunnel Stunnel | =4.46 | |
Stunnel Stunnel | =4.47 | |
Stunnel Stunnel | =4.48 | |
Stunnel Stunnel | =4.49 | |
Stunnel Stunnel | =4.50 | |
Stunnel Stunnel | =4.51 | |
Stunnel Stunnel | =4.52 | |
Stunnel Stunnel | =4.53 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.