stunnel: Vulnerabilities

Historical Vulnerabilities

  • CVE-2015-3644 authentication bypass with the "redirect" option
  • CVE-2014-0016 private key leak via weak OpenSSL PRNG handling with FORK threading
  • CVE-2013-1762 remote code execution via invalid integer conversion in NTLM authentication
  • CVE-2011-2940 denial of service (possible remote code execution) via heap memory corruption
  • CVE-2008-2420 authentication bypass via weak OCSP protocol handling
  • CVE-2008-2400 local privilege escalation on Windows service
  • CVE-2003-0740 file descriptor leak to clients spawned with the "exec" option
  • CVE-2003-0147 private key leak via missing RSA blinding (an OpenSSL bug)
  • CVE-2002-1563 denial of service via race conditions in signal handling
  • CVE-2002-0002 remote code execution via format string vulnerabilities in protocol negotiations
  • CVE-2001-0060 remote code execution via format string vulnerability in inetd username
