PT-2022-37566 · Stunnel+2

Published 2022-03-21 · Updated 2022-03-21

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

stunnel versions prior to 5.62

Description

The issue concerns a security bugfix related to the "redirect" option, which was not properly handling unauthenticated requests. Additionally, a double free bug was fixed in conjunction with OpenSSL versions older than 1.1.0. The systemd service has been hardened. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations

For versions prior to 5.62, update to version 5.62 to resolve the issue. As a temporary workaround, consider disabling the redirect option until the update is applied. Restrict access to the systemd service to minimize the risk of exploitation. Avoid using the protocol option in combination with redirect for smtp, pop3, and imap protocols until the issue is resolved.
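To apply the workaround above, a configuration audit can list every stunnel service that sets redirect and mark those that also set protocol to smtp, pop3, or imap. The following is an added example, not code from the advisory or the stunnel project; the function name, the finding strings, and the sample configuration are constructed, and it assumes service-mode configuration where options placed before the first [section] act as defaults for every service.

```python
import re

RISKY_PROTOCOLS = {"smtp", "pop3", "imap"}  # protocols named in the recommendations

def audit_stunnel_conf(text):
    """Return {service: finding} for every service that has 'redirect' set."""
    defaults, services, current = {}, {}, None  # current is None in the global section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank lines and comments
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # new service section inherits options set before the first section
            current = m.group(1).strip()
            services[current] = dict(defaults)
            continue
        key, sep, value = line.partition("=")
        if sep:  # option names are lowercased so 'Redirect' and 'redirect' match
            target = defaults if current is None else services[current]
            target[key.strip().lower()] = value.strip()
    findings = {}
    for name, opts in services.items():
        if "redirect" not in opts:
            continue
        proto = opts.get("protocol", "").lower()
        findings[name] = ("redirect+protocol=" + proto
                          if proto in RISKY_PROTOCOLS else "redirect")
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """\
; constructed sample
pid = /run/stunnel.pid
[mail-in]
accept = 993
connect = 127.0.0.1:143
protocol = imap
redirect = 127.0.0.1:8143
[web]
accept = 443
connect = 127.0.0.1:8080
Redirect = 127.0.0.1:8081
[plain]
accept = 8443
connect = 127.0.0.1:80
"""

if __name__ == "__main__":
    for svc, finding in audit_stunnel_conf(SAMPLE_CONF).items():
        print(f"{svc}: {finding}")
```

Services reported with a redirect+protocol finding match the combination the recommendations say to avoid; those reported with redirect alone are candidates for the temporary workaround until 5.62 is installed.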

Related Identifiers

MGASA-2022-0109

Affected Products

Openssl
Stunnel
Systemd