Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:PEngardelinux Secure Linux
OSEngardelinux1.0.1Mandrakesoft Mandrake Linux
OSMandrakesoft8.1Red Hat Linux
OSRedhat7.2Stunnel
APPStunnel3.103.113.123.133.143.153.163.173.183.193.203.213.21a3.21b3.21c+ 7 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
References
Related vulnerabilities
CVE-2002-0083CRITICAL9.8ten sam produkt
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious serve...
CVE-1999-0043CRITICAL9.8ten sam produkt
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages...
CVE-2025-36049HIGH8.8ten sam produkt
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injec...
CVE-2025-36048HIGH7.2ten sam produkt
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their...
CVE-2024-38319HIGH7.5ten sam produkt
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially...