Launchpad.net

CVE 2013-1762

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Related bugs and status

CVE-2013-1762 (Candidate) is related to these bugs:

Bug #1150150: Security vulnerability in stunnel versions 4.21 - 4.54

		In	Importance	Status
1150150	Security vulnerability in stunnel versions 4.21 - 4.54	stunnel4 (Ubuntu)	Undecided	Fix Released
1150150	Security vulnerability in stunnel versions 4.21 - 4.54	stunnel4 (Debian)	Unknown	Fix Released
1150150	Security vulnerability in stunnel versions 4.21 - 4.54	stunnel4 (Ubuntu Precise)	Undecided	Fix Released
1150150	Security vulnerability in stunnel versions 4.21 - 4.54	stunnel4 (Ubuntu Quantal)	Undecided	Fix Released
1150150	Security vulnerability in stunnel versions 4.21 - 4.54	stunnel4 (Ubuntu Saucy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-1762

Related bugs and status

Related bugs

References