CVE-2013-1762
stunnel4 - buffer overflow
EPSS 2.0%
Description
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled (protocol = connect together with protocolAuthentication = ntlm in a client-mode service), performs an incorrect integer conversion while handling the proxy's reply, which allows a remote proxy server to execute arbitrary code in the stunnel process via a crafted reply that triggers a buffer overflow. The exposed party is the stunnel client, not the server it tunnels to: the attacker must operate the HTTP proxy that stunnel authenticates to, or sit on the network path to it, because the CONNECT exchange with the proxy is plaintext and happens before TLS is established. Upstream fixed the bug in stunnel 4.55.
How to fix CVE-2013-1762
To remediate CVE-2013-1762, upgrade the affected package to a fixed version below. The Debian fixes are backports, so a patched package still reports its original upstream version (4.29 or 4.53) in stunnel -version output; verify with the package version from dpkg -s stunnel4 rather than the upstream version string. On other platforms, upgrade to upstream stunnel 4.55 or later. If an upgrade is not immediately possible, the trigger is removed by not using NTLM authentication on the CONNECT proxy (protocolAuthentication set to something other than ntlm), with the caveat that basic authentication sends the proxy password in the clear.
- Debian 7 (wheezy)/stunnel4: upgrade to 3:4.53-1.1 or later
- Debian 6 (squeeze)/stunnel4: upgrade to 3:4.29-1+squeeze1 or later
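The two conditions in the description above (an affected build, and a service that combines protocol = connect with protocolAuthentication = ntlm) can be checked locally. The script below is an added example written for this page; it is not stunnel's or Debian's own tooling. It assumes stunnel option names and values compare case-insensitively, that service-level options written before the first [section] act as defaults inherited by every section, that stunnel -version prints "stunnel X.YZ ..." on its first line, and that the Debian binary is named stunnel4. The sample configuration embedded in SAMPLE_CONF is constructed for the demo and does not describe any real deployment.

```shell
#!/bin/sh
# Added example (not stunnel's or Debian's own tooling): exposure check for
# CVE-2013-1762. The bug is reachable only when (1) the stunnel build is in
# the affected range and (2) some service sets both "protocol = connect" and
# "protocolAuthentication = ntlm". Assumptions: option names and values are
# matched case-insensitively; options before the first [section] are defaults
# inherited by every section; "stunnel -version" prints "stunnel X.YZ ...".

# upstream_affected VERSION: exit 0 if 4.21 <= VERSION <= 4.54 (the range in
# the advisory), 1 otherwise. Beta tags such as "4.54b1" are not parsed.
upstream_affected() {
    printf '%s\n' "$1" | awk -F. '
        NF < 2 || $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { exit 1 }
        { v = $1 * 1000 + $2; if (v >= 4021 && v <= 4054) exit 0; exit 1 }'
}

# debian_affected INSTALLED FIXED: exit 0 if the installed Debian package is
# older than FIXED. Prefer this on Debian: the fixed packages are backports
# and still report 4.29 / 4.53 as their upstream version.
debian_affected() {
    dpkg --compare-versions "$1" lt "$2"
}

# vulnerable_sections CONFIG: print each [service] in which CONNECT proxy
# negotiation and NTLM authentication are both enabled; exit 0 if any, else 1.
vulnerable_sections() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function check() {
        if (sect != "" && proto == "connect" && auth == "ntlm") {
            print sect; found = 1
        }
    }
    BEGIN { sect = ""; gproto = ""; gauth = ""; found = 0 }
    /^[ \t]*[;#]/ { next }                 # comment line
    /^[ \t]*\[/ {                          # start of a [service] section
        check()                            # report the section just finished
        sect = trim($0); sub(/^\[/, "", sect); sub(/\].*$/, "", sect)
        proto = gproto; auth = gauth       # inherit global defaults
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        if (sect == "") {
            if (key == "protocol") gproto = val
            else if (key == "protocolauthentication") gauth = val
        } else {
            if (key == "protocol") proto = val
            else if (key == "protocolauthentication") auth = val
        }
    }
    END { check(); if (found) exit 0; exit 1 }
    ' "$1"
}

# check_host [CONFIG ...]: report on this machine (default /etc/stunnel/*.conf).
# Exit 0 if an exposed configuration was found, 1 otherwise.
check_host() {
    bin=$(command -v stunnel4 || command -v stunnel) ||
        { echo "stunnel is not installed"; return 1; }
    ver=$("$bin" -version 2>&1 | awk '$1 == "stunnel" { print $2; exit }')
    if upstream_affected "$ver"; then
        echo "upstream version $ver is in the affected range 4.21-4.54"
        echo "(Debian: confirm with dpkg -s stunnel4; fixed in 3:4.29-1+squeeze1 / 3:4.53-1.1)"
    else
        echo "upstream version ${ver:-unknown} is outside 4.21-4.54"; return 1
    fi
    [ $# -gt 0 ] || set -- /etc/stunnel/*.conf
    rc=1
    for conf; do
        [ -f "$conf" ] || continue
        if hits=$(vulnerable_sections "$conf"); then
            for s in $hits; do echo "$conf: section [$s] uses CONNECT with NTLM"; done
            rc=0
        fi
    done
    return $rc
}

# Constructed sample configuration (not a real deployment) for the demo.
SAMPLE_CONF=$(cat <<'EOF'
; global options
debug = 5

[direct]
client = yes
accept = 127.0.0.1:8443
connect = example.invalid:443

[via-proxy]
client = yes
accept = 127.0.0.1:8444
connect = proxy.example.invalid:3128
protocol = connect
protocolHost = example.invalid:443
protocolAuthentication = NTLM
protocolUsername = user
protocolPassword = secret

[via-proxy-basic]
client = yes
accept = 127.0.0.1:8445
connect = proxy.example.invalid:3128
protocol = connect
protocolHost = example.invalid:443
protocolAuthentication = basic
EOF
)

# demo: run the section scan over SAMPLE_CONF; prints the flagged section(s).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_CONF" > "$tmp"
    vulnerable_sections "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

Source the file and run check_host to inspect the local machine, or demo to see the parser flag only the [via-proxy] section of the sample: [direct] uses no proxy and [via-proxy-basic] uses CONNECT without NTLM, so neither meets the preconditions. On Debian, treat a positive upstream_affected result as a prompt to compare the package version with debian_affected, not as a verdict.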
Is CVE-2013-1762 being exploited?
Low. EPSS 2.0% is the estimated probability that this CVE is exploited in the wild within the next 30 days, not a count of observed attacks. The low score is consistent with the narrow preconditions: the victim must be a client-mode stunnel tunnelling through an NTLM-authenticating HTTP proxy, and the attacker must control or impersonate that proxy.
Affected packages (2)
- Debian/stunnel4 (wheezy): from 0, < 3:4.53-1.1
- Debian/stunnel4 (squeeze): from 0, < 3:4.29-1+squeeze1