stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
oryginał ENCVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:CStunnel
APPStunnel4.404.41
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDoS
CWE
Referencje
Powiązane podatności
CVE-2021-20230HIGH7.5ten sam produkt
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configur...
CVE-2008-2400HIGH7.2ten sam produkt
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to ...
CVE-2002-0002HIGH7.5ten sam produkt
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp...
CVE-2001-0060HIGH10.0ten sam produkt
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a ma...
CVE-2015-3644MEDIUM5.8ten sam produkt
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expecte...