Published: 31/01/2002 Updated: 10/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Format string vulnerability in stunnel prior to 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
stunnel stunnel 3.14
stunnel stunnel 3.15
stunnel stunnel 3.16
stunnel stunnel 3.21b
stunnel stunnel 3.21c
stunnel stunnel 3.9
stunnel stunnel 3.12
stunnel stunnel 3.13
stunnel stunnel 3.21
stunnel stunnel 3.21a
stunnel stunnel 3.7
stunnel stunnel 3.8
stunnel stunnel 3.17
stunnel stunnel 3.18
stunnel stunnel 3.22
stunnel stunnel 3.24
stunnel stunnel 3.10
stunnel stunnel 3.11
stunnel stunnel 3.19
stunnel stunnel 3.20
stunnel stunnel 3.3
stunnel stunnel 3.4a
engardelinux secure linux 1.0.1
mandrakesoft mandrake linux 8.1
redhat linux 7.2

source: wwwsecurityfocuscom/bid/3748/info Stunnel is a freely available, open source cryptography wrapper It is designed to wrap arbitrary protocols that may or may not support cryptography It is maintained by the Stunnel project Stunnel does not properly handle unexpected input by users When a protocol is initiated between a client ...

NVD-CWE-Other http://stunnel.mirt.net/news.html http://www.redhat.com/support/errata/RHSA-2002-002.html http://online.securityfocus.com/archive/1/247427 http://online.securityfocus.com/archive/1/248149 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3 http://www.securityfocus.com/bid/3748 http://marc.info/?l=stunnel-users&m=100869449828705&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/7741 https://nvd.nist.gov https://www.exploit-db.com/exploits/21192/

CVE-2002-0002

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect