Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:PEngardelinux Secure Linux
OSEngardelinux1.0.1Mandrakesoft Mandrake Linux
OSMandrakesoft8.1Red Hat Linux
OSRedhat7.2Stunnel
APPStunnel3.103.113.123.133.143.153.163.173.183.193.203.213.21a3.21b3.21c+ 7 więcej
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
Referencje
Powiązane podatności
CVE-2002-0083CRITICAL9.8ten sam produkt
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious serve...
CVE-1999-0043CRITICAL9.8ten sam produkt
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages...
CVE-2025-36049HIGH8.8ten sam produkt
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injec...
CVE-2025-36048HIGH7.2ten sam produkt
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their...
CVE-2024-38319HIGH7.5ten sam produkt
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially...