CVE-2013-1762

2013-03-08T18:55:00
ID CVE-2013-1762
Type cve
Reporter cve@mitre.org
Modified 2014-01-17T05:13:00

Description

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.