Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CStunnel
APPStunnel3.33.4a3.73.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2021-20230HIGH7.5ten sam produkt
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configur...
CVE-2011-2940HIGH9.3ten sam produkt
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (hea...
CVE-2008-2400HIGH7.2ten sam produkt
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to ...
CVE-2002-0002HIGH7.5ten sam produkt
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp...
CVE-2015-3644MEDIUM5.8ten sam produkt
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expecte...