CVE-2013-1762
Stunnel: buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation
Public Exploits: 0
Exploited in Wild: -
Descriptions
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
stunnel v4.21 through v4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not perform integer conversion correctly, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Stunnel, a program designed to work as a universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using Microsoft NT LAN Manager (NTLM) authentication ("protocolAuthentication = NTLM") together with the 'connect' protocol method ("protocol = connect"). With these prerequisites and using stunnel4 in SSL client mode ("client = yes") on a 64-bit host, an attacker could possibly execute arbitrary code with the privileges of the stunnel process, if the attacker can either control the specified proxy server or perform man-in-the-middle attacks on the TCP session between stunnel and the proxy server.
Timeline
- 2013-02-19 CVE Reserved
- 2013-03-08 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (7)
URL | Tag | Source |
---|---|---|
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0714.html | 2014-01-17 | |
http://www.debian.org/security/2013/dsa-2664 | 2014-01-17 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:130 | 2014-01-17 | |
https://www.stunnel.org/CVE-2013-1762.html | 2014-01-17 | |
https://access.redhat.com/security/cve/CVE-2013-1762 | 2013-04-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=917839 | 2013-04-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Stunnel | Stunnel | <= 4.54 | - | Affected |
Stunnel | Stunnel | 4.21 | - | Affected |
Stunnel | Stunnel | 4.22 | - | Affected |
Stunnel | Stunnel | 4.23 | - | Affected |
Stunnel | Stunnel | 4.24 | - | Affected |
Stunnel | Stunnel | 4.25 | - | Affected |
Stunnel | Stunnel | 4.26 | - | Affected |
Stunnel | Stunnel | 4.27 | - | Affected |
Stunnel | Stunnel | 4.28 | - | Affected |
Stunnel | Stunnel | 4.29 | - | Affected |
Stunnel | Stunnel | 4.30 | - | Affected |
Stunnel | Stunnel | 4.31 | - | Affected |
Stunnel | Stunnel | 4.32 | - | Affected |
Stunnel | Stunnel | 4.33 | - | Affected |
Stunnel | Stunnel | 4.34 | - | Affected |
Stunnel | Stunnel | 4.35 | - | Affected |
Stunnel | Stunnel | 4.36 | - | Affected |
Stunnel | Stunnel | 4.37 | - | Affected |
Stunnel | Stunnel | 4.38 | - | Affected |
Stunnel | Stunnel | 4.39 | - | Affected |
Stunnel | Stunnel | 4.40 | - | Affected |
Stunnel | Stunnel | 4.41 | - | Affected |
Stunnel | Stunnel | 4.42 | - | Affected |
Stunnel | Stunnel | 4.43 | - | Affected |
Stunnel | Stunnel | 4.44 | - | Affected |
Stunnel | Stunnel | 4.45 | - | Affected |
Stunnel | Stunnel | 4.46 | - | Affected |
Stunnel | Stunnel | 4.47 | - | Affected |
Stunnel | Stunnel | 4.48 | - | Affected |
Stunnel | Stunnel | 4.49 | - | Affected |
Stunnel | Stunnel | 4.50 | - | Affected |
Stunnel | Stunnel | 4.51 | - | Affected |
Stunnel | Stunnel | 4.52 | - | Affected |
Stunnel | Stunnel | 4.53 | - | Affected |