Home

CVE-2013-1762

Description

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.01

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.21Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.22Windows
Vulnerabilities CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.23Windows
Vulnerabilities CVE-2011-2940,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.40Windows
Vulnerabilities CVE-2011-2940,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.41Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.24Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.25Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.26Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.27Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.28Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.29Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.30Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.31Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.32Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.33Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.34Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.35Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.36Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.37Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.38Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.39Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.42Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.43Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.44Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.45Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.46Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.47Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.48Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.49Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.50Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.51Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.52Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.53Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.54Windows
stunnel4 security update(DSA-2664-1) stunnel4_4.53-1.1_i386.debLinux
(RHSA-2013:0714) Moderate: stunnel security update stunnel-4.29-3.el6_4.i686.rpmLinux
(RHSA-2013:0714) Moderate: stunnel security update stunnel-4.29-3.el6_4.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234