CVE-2013-1762 in Ubuntu

CVE-2013-1762

Priority

Description

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM
authentication are enabled, does not correctly perform integer conversion,
which allows remote proxy servers to execute arbitrary code via a crafted
request that triggers a buffer overflow.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
https://www.stunnel.org/CVE-2013-1762.html

Bugs

https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1150150
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702267

Assigned-to

mdeslaur

Notes

Package

Source: stunnel4 (LP Ubuntu Debian)

Upstream:

released (4.55,3:4.53-1.1)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2019-12-05 21:03:24 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)