Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | stunnel4 | < 3:5.18-1 | stunnel4_3:5.18-1_all.deb |
Debian | 11 | all | stunnel4 | < 3:5.18-1 | stunnel4_3:5.18-1_all.deb |
Debian | 10 | all | stunnel4 | < 3:5.18-1 | stunnel4_3:5.18-1_all.deb |
Debian | 999 | all | stunnel4 | < 3:5.18-1 | stunnel4_3:5.18-1_all.deb |
Debian | 13 | all | stunnel4 | < 3:5.18-1 | stunnel4_3:5.18-1_all.deb |