CVE-2013-1762
Stunnel: buffer overflow vulnerability due to incorrect integer conversion in the NTLM authentication of the CONNECT protocol negotiation
- Severity Score: 9.8 (CVSS v3)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Multiple vulnerabilities have been found in stunnel, the worst of which may cause a Denial of Service condition. Versions less than 4.56-r1 are affected.
Credits: N/A
Timeline
- 2013-02-19 CVE Reserved
- 2013-03-08 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (7)
URL | Tag | Source |
---|---|---|
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097 | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0714.html | 2014-01-17 | |
http://www.debian.org/security/2013/dsa-2664 | 2014-01-17 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:130 | 2014-01-17 | |
https://www.stunnel.org/CVE-2013-1762.html | 2014-01-17 | |
https://access.redhat.com/security/cve/CVE-2013-1762 | 2013-04-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=917839 | 2013-04-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Stunnel | Stunnel | <= 4.54 | - | Affected |
Stunnel | Stunnel | 4.21 | - | Affected |
Stunnel | Stunnel | 4.22 | - | Affected |
Stunnel | Stunnel | 4.23 | - | Affected |
Stunnel | Stunnel | 4.24 | - | Affected |
Stunnel | Stunnel | 4.25 | - | Affected |
Stunnel | Stunnel | 4.26 | - | Affected |
Stunnel | Stunnel | 4.27 | - | Affected |
Stunnel | Stunnel | 4.28 | - | Affected |
Stunnel | Stunnel | 4.29 | - | Affected |
Stunnel | Stunnel | 4.30 | - | Affected |
Stunnel | Stunnel | 4.31 | - | Affected |
Stunnel | Stunnel | 4.32 | - | Affected |
Stunnel | Stunnel | 4.33 | - | Affected |
Stunnel | Stunnel | 4.34 | - | Affected |
Stunnel | Stunnel | 4.35 | - | Affected |
Stunnel | Stunnel | 4.36 | - | Affected |
Stunnel | Stunnel | 4.37 | - | Affected |
Stunnel | Stunnel | 4.38 | - | Affected |
Stunnel | Stunnel | 4.39 | - | Affected |
Stunnel | Stunnel | 4.40 | - | Affected |
Stunnel | Stunnel | 4.41 | - | Affected |
Stunnel | Stunnel | 4.42 | - | Affected |
Stunnel | Stunnel | 4.43 | - | Affected |
Stunnel | Stunnel | 4.44 | - | Affected |
Stunnel | Stunnel | 4.45 | - | Affected |
Stunnel | Stunnel | 4.46 | - | Affected |
Stunnel | Stunnel | 4.47 | - | Affected |
Stunnel | Stunnel | 4.48 | - | Affected |
Stunnel | Stunnel | 4.49 | - | Affected |
Stunnel | Stunnel | 4.50 | - | Affected |
Stunnel | Stunnel | 4.51 | - | Affected |
Stunnel | Stunnel | 4.52 | - | Affected |
Stunnel | Stunnel | 4.53 | - | Affected |