CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
0.4%
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
Vendor | Product | Version | CPE |
---|---|---|---|
stunnel | stunnel | 3.3 | cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:* |
stunnel | stunnel | 3.4a | cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:* |
stunnel | stunnel | 3.7 | cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:* |
stunnel | stunnel | 3.8 | cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:* |
stunnel | stunnel | 3.9 | cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:* |
stunnel | stunnel | 3.10 | cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:* |
stunnel | stunnel | 3.11 | cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:* |
stunnel | stunnel | 3.12 | cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:* |
stunnel | stunnel | 3.13 | cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:* |
stunnel | stunnel | 3.14 | cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:* |