stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Stunnel | Stunnel | * | 4.54 (including) |
Stunnel | Stunnel | 4.21 (including) | 4.21 (including) |
Stunnel | Stunnel | 4.22 (including) | 4.22 (including) |
Stunnel | Stunnel | 4.23 (including) | 4.23 (including) |
Stunnel | Stunnel | 4.24 (including) | 4.24 (including) |
Stunnel | Stunnel | 4.25 (including) | 4.25 (including) |
Stunnel | Stunnel | 4.26 (including) | 4.26 (including) |
Stunnel | Stunnel | 4.27 (including) | 4.27 (including) |
Stunnel | Stunnel | 4.28 (including) | 4.28 (including) |
Stunnel | Stunnel | 4.29 (including) | 4.29 (including) |
Stunnel | Stunnel | 4.30 (including) | 4.30 (including) |
Stunnel | Stunnel | 4.31 (including) | 4.31 (including) |
Stunnel | Stunnel | 4.32 (including) | 4.32 (including) |
Stunnel | Stunnel | 4.33 (including) | 4.33 (including) |
Stunnel | Stunnel | 4.34 (including) | 4.34 (including) |
Stunnel | Stunnel | 4.35 (including) | 4.35 (including) |
Stunnel | Stunnel | 4.36 (including) | 4.36 (including) |
Stunnel | Stunnel | 4.37 (including) | 4.37 (including) |
Stunnel | Stunnel | 4.38 (including) | 4.38 (including) |
Stunnel | Stunnel | 4.39 (including) | 4.39 (including) |
Stunnel | Stunnel | 4.40 (including) | 4.40 (including) |
Stunnel | Stunnel | 4.41 (including) | 4.41 (including) |
Stunnel | Stunnel | 4.42 (including) | 4.42 (including) |
Stunnel | Stunnel | 4.43 (including) | 4.43 (including) |
Stunnel | Stunnel | 4.44 (including) | 4.44 (including) |
Stunnel | Stunnel | 4.45 (including) | 4.45 (including) |
Stunnel | Stunnel | 4.46 (including) | 4.46 (including) |
Stunnel | Stunnel | 4.47 (including) | 4.47 (including) |
Stunnel | Stunnel | 4.48 (including) | 4.48 (including) |
Stunnel | Stunnel | 4.49 (including) | 4.49 (including) |
Stunnel | Stunnel | 4.50 (including) | 4.50 (including) |
Stunnel | Stunnel | 4.51 (including) | 4.51 (including) |
Stunnel | Stunnel | 4.52 (including) | 4.52 (including) |
Stunnel | Stunnel | 4.53 (including) | 4.53 (including) |
Red Hat Enterprise Linux 6 | RedHat | stunnel-0:4.29-3.el6_4 | * |
Stunnel4 | Ubuntu | hardy | * |
Stunnel4 | Ubuntu | lucid | * |
Stunnel4 | Ubuntu | oneiric | * |
Stunnel4 | Ubuntu | precise | * |
Stunnel4 | Ubuntu | quantal | * |
Stunnel4 | Ubuntu | raring | * |
Stunnel4 | Ubuntu | upstream | * |