Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.6
CVSSv2

CVE-2013-1762

Published: 08/03/2013 Updated: 17/01/2014
CVSS v2 Base Score: 6.6 | Impact Score: 8.5 | Exploitability Score: 4.9
VMScore: 587
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:C
Subscribe to Stunnel

Vulnerability Summary

stunnel 4.21 up to and including 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

stunnel stunnel 4.24

stunnel stunnel 4.23

stunnel stunnel 4.33

stunnel stunnel 4.34

stunnel stunnel 4.42

stunnel stunnel 4.43

stunnel stunnel 4.44

stunnel stunnel 4.51

stunnel stunnel 4.52

stunnel stunnel 4.26

stunnel stunnel 4.25

stunnel stunnel 4.31

stunnel stunnel 4.32

stunnel stunnel 4.39

stunnel stunnel 4.41

stunnel stunnel 4.49

stunnel stunnel 4.50

stunnel stunnel 4.40

stunnel stunnel 4.22

stunnel stunnel 4.21

stunnel stunnel 4.35

stunnel stunnel 4.36

stunnel stunnel 4.45

stunnel stunnel 4.46

stunnel stunnel 4.53

stunnel stunnel

stunnel stunnel 4.28

stunnel stunnel 4.27

stunnel stunnel 4.29

stunnel stunnel 4.30

stunnel stunnel 4.37

stunnel stunnel 4.38

stunnel stunnel 4.47

stunnel stunnel 4.48

Vendor Advisories

Red Hat: Moderate: stunnel security update
Synopsis Moderate: stunnel security update Type/Severity Security Advisory: Moderate Topic An updated stunnel package that fixes one security issue is now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerabilit ...
Debian CVElist Bug Report Logs: stunnel: CVE-2013-1762 buffer overflow in NTLM authentication of the CONNECT protocol negotiation
Debian Bug report logs - #702267 stunnel: CVE-2013-1762 buffer overflow in NTLM authentication of the CONNECT protocol negotiation Package: stunnel4; Maintainer for stunnel4 is Peter Pentchev <roam@debianorg>; Source for stunnel4 is src:stunnel4 (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: M ...
Debian Security Advisories: DSA-2664-1 stunnel4 -- buffer overflow
Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication (protocolAuthentication = NTLM) together with the connect protocol method (protocol = connect) With these prerequisites and using stunnel4 in SSL client mode ( ...

References

CWE-94https://www.stunnel.org/CVE-2013-1762.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0714.htmlhttp://www.debian.org/security/2013/dsa-2664https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097http://www.mandriva.com/security/advisories?name=MDVSA-2013:130https://access.redhat.com/errata/RHSA-2013:0714https://nvd.nist.govhttps://www.debian.org/security/./dsa-2664
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook