CVE-2008-2420
Description
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.488
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in stunnel 3.4a | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.7 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.8 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.10 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.11 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.12 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.13 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.14 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.15 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.16 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.17 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.18 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.19 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.20 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21a | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21b | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21c | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.22 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.24 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.9 | Windows |
| Multiple Vulnerabilities are affected in stunnel 4.04 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.01 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.02 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.03 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.5 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.6 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.05 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.06 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.07 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.08 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.09 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.10 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.11 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.12 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.13 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.14 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.15 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.16 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.17 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.18 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.19 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.20 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.21 | Windows |
| Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.22 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.23 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.25 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.26 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p1 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p2 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p3 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p4 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.00 | Windows |
| Vulnerabilities CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.23 | Windows |
| CVE-2008-2420 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234