CVE-2013-1762

Name of the Vulnerable Software and Affected Versions stunnel versions 4.21 through 4.54 stunnel version 4.29

Description The issue arises when the CONNECT protocol negotiation and NTLM authentication are enabled in stunnel, leading to incorrect integer conversion. This allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations For stunnel versions 4.21 through 4.54, update to a version later than 4.54 to resolve the issue. For stunnel version 4.29, update to a version later than 4.29 to resolve the issue. As a temporary workaround, consider disabling NTLM authentication and CONNECT protocol negotiation until a patch is available. Restrict access to the stunnel service to minimize the risk of exploitation.