CVE-2002-0002
STunnel 3.x - Client Negotiation Protocol Format String
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
Vulnerabilidad en el formateado de cadenas en stunnel anterior a la 3.22 cuando se usa en modo cliente para smtp, pop o nntp permite que servidores remotos maliciosos ejecuten código arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2001-12-22 First Exploit
- 2002-01-02 CVE Reserved
- 2002-01-31 CVE Published
- 2024-05-25 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=stunnel-users&m=100869449828705&w=2 | X_refsource_misc | |
| http://online.securityfocus.com/archive/1/247427 | Mailing List | |
| http://online.securityfocus.com/archive/1/248149 | Mailing List | |
| http://www.securityfocus.com/bid/3748 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7741 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/21192 | 2001-12-22 |
| URL | Date | SRC |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-002.html | 2017-10-10 |
| URL | Date | SRC |
|---|---|---|
| http://stunnel.mirt.net/news.html | 2017-10-10 | |
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3 | 2017-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.3 Search vendor "Stunnel" for product "Stunnel" and version "3.3" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.4a Search vendor "Stunnel" for product "Stunnel" and version "3.4a" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.7 Search vendor "Stunnel" for product "Stunnel" and version "3.7" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.8 Search vendor "Stunnel" for product "Stunnel" and version "3.8" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.9 Search vendor "Stunnel" for product "Stunnel" and version "3.9" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.10 Search vendor "Stunnel" for product "Stunnel" and version "3.10" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.11 Search vendor "Stunnel" for product "Stunnel" and version "3.11" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.12 Search vendor "Stunnel" for product "Stunnel" and version "3.12" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.13 Search vendor "Stunnel" for product "Stunnel" and version "3.13" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.14 Search vendor "Stunnel" for product "Stunnel" and version "3.14" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.15 Search vendor "Stunnel" for product "Stunnel" and version "3.15" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.16 Search vendor "Stunnel" for product "Stunnel" and version "3.16" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.17 Search vendor "Stunnel" for product "Stunnel" and version "3.17" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.18 Search vendor "Stunnel" for product "Stunnel" and version "3.18" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.19 Search vendor "Stunnel" for product "Stunnel" and version "3.19" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.20 Search vendor "Stunnel" for product "Stunnel" and version "3.20" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.21 Search vendor "Stunnel" for product "Stunnel" and version "3.21" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.21a Search vendor "Stunnel" for product "Stunnel" and version "3.21a" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.21b Search vendor "Stunnel" for product "Stunnel" and version "3.21b" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.21c Search vendor "Stunnel" for product "Stunnel" and version "3.21c" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.22 Search vendor "Stunnel" for product "Stunnel" and version "3.22" | - |
Affected
| ||||||
| Stunnel Search vendor "Stunnel" | Stunnel Search vendor "Stunnel" for product "Stunnel" | 3.24 Search vendor "Stunnel" for product "Stunnel" and version "3.24" | - |
Affected
| ||||||
| Engardelinux Search vendor "Engardelinux" | Secure Linux Search vendor "Engardelinux" for product "Secure Linux" | 1.0.1 Search vendor "Engardelinux" for product "Secure Linux" and version "1.0.1" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 8.1 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 7.2 Search vendor "Redhat" for product "Linux" and version "7.2" | - |
Affected
| ||||||