CVE-2002-0002

Name of the Vulnerable Software and Affected Versions stunnel versions prior to 3.22

Description The issue allows remote malicious servers to execute arbitrary code when stunnel is used in client mode for protocols such as smtp, pop, or nntp. Exploitation of the vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations For versions prior to 3.22, update to version 3.22 or later to resolve the issue. As a temporary workaround, consider restricting the use of stunnel in client mode for smtp, pop, and nntp protocols until a patch is available.