Michal Trojnara

**Name of the Vulnerable Software and Affected Versions** stunnel versions 4.21 through 4.54 stunnel version 4.29 **Description** The issue arises when the CONNECT protocol negotiation and NTLM authentication are enabled in stunnel, leading to incorrect integer conversion. This allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely. **Recommendations** For stunnel versions 4.21 through 4.54, update to a version later than 4.54 to resolve the issue. For stunnel version 4.29, update to a version later than 4.29 to resolve the issue. As a temporary workaround, consider disabling NTLM authentication and CONNECT protocol negotiation until a patch is available. Restrict access to the stunnel service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Citrix Access Gateway Enterprise Edition versions 8.1 through 8.1-67.7 Citrix Access Gateway Enterprise Edition versions 9.0 through 9.0-70.5 Citrix Access Gateway Enterprise Edition versions 9.1 through 9.1-96.4 **Description** A stack-based buffer overflow issue exists in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx. This allows remote attackers to execute arbitrary code via crafted HTTP header data. **Recommendations** For Citrix Access Gateway Enterprise Edition versions 8.1 through 8.1-67.7, update to version 8.1-67.7 or later. For Citrix Access Gateway Enterprise Edition versions 9.0 through 9.0-70.5, update to version 9.0-70.5 or later. For Citrix Access Gateway Enterprise Edition versions 9.1 through 9.1-96.4, update to version 9.1-96.4 or later.

Name of the Vulnerable Software and Affected Versions: stunnel versions prior to 4.23 Description: The issue allows local users to gain privileges via unknown attack vectors when stunnel is running as a service on Windows. Recommendations: For versions prior to 4.23, update to version 4.23 or later to resolve the issue.