Lucene search
HistoryMar 08, 2013 - 6:55 p.m.
CVE-2013-1762
6.6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:P/I:P/A:C
7.7 High
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.3%
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Affected configurations
Node
stunnelstunnelRange≤4.54
ORstunnelstunnelMatch4.21
ORstunnelstunnelMatch4.22
ORstunnelstunnelMatch4.23
ORstunnelstunnelMatch4.24
ORstunnelstunnelMatch4.25
ORstunnelstunnelMatch4.26
ORstunnelstunnelMatch4.27
ORstunnelstunnelMatch4.28
ORstunnelstunnelMatch4.29
ORstunnelstunnelMatch4.30
ORstunnelstunnelMatch4.31
ORstunnelstunnelMatch4.32
ORstunnelstunnelMatch4.33
ORstunnelstunnelMatch4.34
ORstunnelstunnelMatch4.35
ORstunnelstunnelMatch4.36
ORstunnelstunnelMatch4.37
ORstunnelstunnelMatch4.38
ORstunnelstunnelMatch4.39
ORstunnelstunnelMatch4.40
ORstunnelstunnelMatch4.41
ORstunnelstunnelMatch4.42
ORstunnelstunnelMatch4.43
ORstunnelstunnelMatch4.44
ORstunnelstunnelMatch4.45
ORstunnelstunnelMatch4.46
ORstunnelstunnelMatch4.47
ORstunnelstunnelMatch4.48
ORstunnelstunnelMatch4.49
ORstunnelstunnelMatch4.50
ORstunnelstunnelMatch4.51
ORstunnelstunnelMatch4.52
ORstunnelstunnelMatch4.53
Related
cve
cve
CVE-2013-1762
2013-03-08 18:55:01
freebsd
freebsd
stunnel -- Remote Code Execution
2013-03-03 00:00:00
nessus
nessus
Debian DSA-2664-1 : stunnel4 - buffer overflow
2013-05-03 00:00:00
RHEL 6 : stunnel (RHSA-2013:0714)
2013-04-09 00:00:00
GLSA-201402-08 : stunnel: Arbitrary code execution
2014-02-07 00:00:00
openvas
openvas
RedHat Update for stunnel RHSA-2013:0714-01
2013-04-15 00:00:00
Oracle: Security Advisory (ELSA-2013-0714)
2015-10-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0709-1)
2021-06-09 00:00:00
securityvulns
securityvulns
stunnel integer overflow
2013-05-04 00:00:00
[SECURITY] [DSA 2664-1] stunnel4 security update
2013-05-04 00:00:00
oraclelinux
oraclelinux
stunnel security update
2013-04-08 00:00:00
redhat
redhat
(RHSA-2013:0714) Moderate: stunnel security update
2013-04-08 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:51:34
prion
prion
Design/Logic Flaw
2013-03-08 18:55:00
centos
centos
stunnel security update
2013-04-08 20:25:12
debiancve
debiancve
CVE-2013-1762
2013-03-08 18:55:01
gentoo
gentoo
stunnel: Arbitrary code execution
2014-02-06 00:00:00
cvelist
cvelist
CVE-2013-1762
2013-03-08 18:00:00
debian
debian
[SECURITY] [DSA 2664-1] stunnel4 security update
2013-05-02 17:13:11
ubuntucve
ubuntucve
CVE-2013-1762
2013-03-08 00:00:00
6.6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:P/I:P/A:C
7.7 High
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
83.3%
Related for NVD:CVE-2013-1762