CVE-2013-1762

Published: Mar 8, 2013Modified: Apr 29, 2026

6.6

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:C

Exploitability: 4.9 / Impact: 8.5

Source: NVD

Description

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Affected (34)

Products: Stunnel: Stunnel

Stunnel

1 product

Stunnel

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Stunnel Stunnel	Up to 4.54
Stunnel Stunnel	Version 4.21
Stunnel Stunnel	Version 4.22
Stunnel Stunnel	Version 4.23
Stunnel Stunnel	Version 4.24
Stunnel Stunnel	Version 4.25
Stunnel Stunnel	Version 4.26
Stunnel Stunnel	Version 4.27
Stunnel Stunnel	Version 4.28
Stunnel Stunnel	Version 4.29
Stunnel Stunnel	Version 4.30
Stunnel Stunnel	Version 4.31
Stunnel Stunnel	Version 4.32
Stunnel Stunnel	Version 4.33
Stunnel Stunnel	Version 4.34
Stunnel Stunnel	Version 4.35
Stunnel Stunnel	Version 4.36
Stunnel Stunnel	Version 4.37
Stunnel Stunnel	Version 4.38
Stunnel Stunnel	Version 4.39
Stunnel Stunnel	Version 4.40
Stunnel Stunnel	Version 4.41
Stunnel Stunnel	Version 4.42
Stunnel Stunnel	Version 4.43
Stunnel Stunnel	Version 4.44
Stunnel Stunnel	Version 4.45
Stunnel Stunnel	Version 4.46
Stunnel Stunnel	Version 4.47
Stunnel Stunnel	Version 4.48
Stunnel Stunnel	Version 4.49
Stunnel Stunnel	Version 4.50
Stunnel Stunnel	Version 4.51
Stunnel Stunnel	Version 4.52
Stunnel Stunnel	Version 4.53