Skip to navigation

CVE Database

CVE-2013-1762

Impact: Moderate
Public: 2013-03-03
Bugzilla: 917839: CVE-2013-1762 Stunnel: buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation
IAVA: 2013-B-0023

Details

The MITRE CVE dictionary describes this issue as:

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Find out more about CVE-2013-1762 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue did not affect the version of the stunnel package as shipped with Red Hat Enterprise Linux 5.

CVSS v2 metrics

Base Score: 6.6
Base Metrics: AV:N/AC:H/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux version 6 (stunnel) RHSA-2013:0714 April 08, 2013

External References

https://www.stunnel.org/CVE-2013-1762.html

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.