CVE Vulnerabilities

CVE-2008-2420

Published: May 23, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

Affected Software

Name Vendor Start Version End Version
Stunnel Stunnel 4.21 4.21
Stunnel Stunnel 4.13 4.13
Stunnel Stunnel 4.02 4.02
Stunnel Stunnel 4.20 4.20
Stunnel Stunnel 4.00 4.00
Stunnel Stunnel 3.21c 3.21c
Stunnel Stunnel 3.7 3.7
Stunnel Stunnel 4.07 4.07
Stunnel Stunnel 4.09 4.09
Stunnel Stunnel 3.8p1 3.8p1
Stunnel Stunnel 3.6 3.6
Stunnel Stunnel 4.18 4.18
Stunnel Stunnel 4.15 4.15
Stunnel Stunnel 3.21b 3.21b
Stunnel Stunnel 3.14 3.14
Stunnel Stunnel 3.4a 3.4a
Stunnel Stunnel 3.22 3.22
Stunnel Stunnel 3.18 3.18
Stunnel Stunnel 3.20 3.20
Stunnel Stunnel 4.12 4.12
Stunnel Stunnel 4.04 4.04
Stunnel Stunnel 3.15 3.15
Stunnel Stunnel 4.05 4.05
Stunnel Stunnel 3.24 3.24
Stunnel Stunnel 3.11 3.11
Stunnel Stunnel 3.8 3.8
Stunnel Stunnel 4.22 4.22
Stunnel Stunnel 3.21 3.21
Stunnel Stunnel 3.8p4 3.8p4
Stunnel Stunnel 4.14 4.14
Stunnel Stunnel 3.13 3.13
Stunnel Stunnel 4.16 4.16
Stunnel Stunnel 3.23 3.23
Stunnel Stunnel 3.17 3.17
Stunnel Stunnel 3.5 3.5
Stunnel Stunnel 4.19 4.19
Stunnel Stunnel 4.10 4.10
Stunnel Stunnel 3.8p3 3.8p3
Stunnel Stunnel 3.8p2 3.8p2
Stunnel Stunnel 4.17 4.17
Stunnel Stunnel 3.10 3.10
Stunnel Stunnel 3.16 3.16
Stunnel Stunnel 3.9 3.9
Stunnel Stunnel 3.12 3.12
Stunnel Stunnel 3.21a 3.21a
Stunnel Stunnel 4.23 4.23
Stunnel Stunnel 4.08 4.08
Stunnel Stunnel 3.26 3.26
Stunnel Stunnel 4.06 4.06
Stunnel Stunnel 3.25 3.25
Stunnel Stunnel 4.11 4.11
Stunnel Stunnel 4.01 4.01
Stunnel Stunnel 4.03 4.03
Stunnel Stunnel 3.19 3.19

References