Buffer Overflow Vulnerability in stunnel 4.21 through 4.54 with CONNECT Protocol and NTLM Authentication

Buffer Overflow Vulnerability in stunnel 4.21 through 4.54 with CONNECT Protocol and NTLM Authentication

CVE-2013-1762 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:C

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

Learn more about our Cis Benchmark Audit For Server Software.