cbcvebase.
CVE-2003-0740
published 2003-10-20

CVE-2003-0740: Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.

Priority: P4 13
Severity: medium, 4.6 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.70% (48.7th percentile)

Affected

24 ranges
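| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | stunnel4 | < stunnel4 2:4.04 (bookworm) | stunnel4 2:4.04 (bookworm) |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |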

CVSS provenance

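| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 4.6 | MEDIUM | |
| vendor_debian | | 4.6 | MEDIUM | |
| vendor_redhat | | 4.6 | MEDIUM | |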