CVE-2013-1762
Published: 8 March 2013
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
stunnel4 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(3:4.29-1+squeeze1build0.10.04.1)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Released
(3:4.42-1ubuntu0.1)
|
|
quantal |
Released
(3:4.53-1ubuntu0.1)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(3:4.53-1.1)
|
|
upstream |
Released
(4.55,3:4.53-1.1)
|