← back
CVE-2013-1762

CVE-2013-1762

EPSS 2.9%
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://rhn.redhat.com/errata/RHSA-2013-0714.htmlhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097https://www.stunnel.org/CVE-2013-1762.htmlhttp://www.debian.org/security/2013/dsa-2664http://www.mandriva.com/security/advisories?name=MDVSA-2013:130