CVE-2013-1762

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

🔗 References (10)

• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0714.html
• cve@mitrehttp://www.debian.org/security/2013/dsa-2664
• cve@mitrehttp://www.mandriva.com/security/advisories?name=MDVSA-2013:130
• cve@mitrehttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097
• cve@mitrehttps://www.stunnel.org/CVE-2013-1762.html
• af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0714.html
• af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2664
• af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:130
• af854a3a-2127-422b-91ae-364da2661108https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097
• af854a3a-2127-422b-91ae-364da2661108https://www.stunnel.org/CVE-2013-1762.html