CVE-2013-1762
Stunnel: buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation
- Severity Score: 6.6 (CVSS v2)
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-19 CVE Reserved
- 2013-03-08 CVE Published
- 2024-04-01 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0714.html | 2014-01-17 | |
http://www.debian.org/security/2013/dsa-2664 | 2014-01-17 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:130 | 2014-01-17 | |
https://www.stunnel.org/CVE-2013-1762.html | 2014-01-17 | |
https://access.redhat.com/security/cve/CVE-2013-1762 | 2013-04-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=917839 | 2013-04-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Stunnel | Stunnel | <= 4.54 | - | Affected |
Stunnel | Stunnel | 4.21 | - | Affected |
Stunnel | Stunnel | 4.22 | - | Affected |
Stunnel | Stunnel | 4.23 | - | Affected |
Stunnel | Stunnel | 4.24 | - | Affected |
Stunnel | Stunnel | 4.25 | - | Affected |
Stunnel | Stunnel | 4.26 | - | Affected |
Stunnel | Stunnel | 4.27 | - | Affected |
Stunnel | Stunnel | 4.28 | - | Affected |
Stunnel | Stunnel | 4.29 | - | Affected |
Stunnel | Stunnel | 4.30 | - | Affected |
Stunnel | Stunnel | 4.31 | - | Affected |
Stunnel | Stunnel | 4.32 | - | Affected |
Stunnel | Stunnel | 4.33 | - | Affected |
Stunnel | Stunnel | 4.34 | - | Affected |
Stunnel | Stunnel | 4.35 | - | Affected |
Stunnel | Stunnel | 4.36 | - | Affected |
Stunnel | Stunnel | 4.37 | - | Affected |
Stunnel | Stunnel | 4.38 | - | Affected |
Stunnel | Stunnel | 4.39 | - | Affected |
Stunnel | Stunnel | 4.40 | - | Affected |
Stunnel | Stunnel | 4.41 | - | Affected |
Stunnel | Stunnel | 4.42 | - | Affected |
Stunnel | Stunnel | 4.43 | - | Affected |
Stunnel | Stunnel | 4.44 | - | Affected |
Stunnel | Stunnel | 4.45 | - | Affected |
Stunnel | Stunnel | 4.46 | - | Affected |
Stunnel | Stunnel | 4.47 | - | Affected |
Stunnel | Stunnel | 4.48 | - | Affected |
Stunnel | Stunnel | 4.49 | - | Affected |
Stunnel | Stunnel | 4.50 | - | Affected |
Stunnel | Stunnel | 4.51 | - | Affected |
Stunnel | Stunnel | 4.52 | - | Affected |
Stunnel | Stunnel | 4.53 | - | Affected |