CVE-2013-1762

EPSS 2.0%

stunnel4 - buffer overflow

發布日:2013/3/8修改日:2026/5/26

也稱為:DEBIAN-CVE-2013-1762

描述

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

受影響套件(2)

Debian/stunnel4from 0, < 3:4.53-1.1
Debian/stunnel4from 0, < 3:4.29-1+squeeze1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-1762