Candidate: CVE-2013-1762
PublicDate: 2013-03-08 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
 https://www.stunnel.org/CVE-2013-1762.html
Description:
 stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM
 authentication are enabled, does not correctly perform integer conversion,
 which allows remote proxy servers to execute arbitrary code via a crafted
 request that triggers a buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1150150
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702267
Priority: medium
Discovered-by: Mateusz Kocielski
Assigned-to: mdeslaur
CVSS:

Patches_stunnel4:
upstream_stunnel4: released (4.55,3:4.53-1.1)
hardy_stunnel4: ignored (reached end-of-life)
lucid_stunnel4: released (3:4.29-1+squeeze1build0.10.04.1)
oneiric_stunnel4: ignored (reached end-of-life)
precise_stunnel4: released (3:4.42-1ubuntu0.1)
quantal_stunnel4: released (3:4.53-1ubuntu0.1)
raring_stunnel4: ignored (reached end-of-life)
saucy_stunnel4: not-affected (3:4.53-1.1)
devel_stunnel4: not-affected (3:4.53-1.1ubuntu1)