CVE-2011-2940 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Stunnel

Severity: 9.3 CRITICAL (NVD)
EPSS: 15.8% (top 5.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 25
Latest update: May 17

Description

stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: stunnel/stunnel 4.40, 4.41 +1

🔴 Vulnerability Details (3)

GHSA: GHSA-rww2-jw3v-q88c: stunnel 4 (2022-05-17)
OSV: CVE-2011-2940: stunnel 4 (2011-08-25)
CVEList: CVE-2011-2940: stunnel 4 (2011-08-25)

📋 Vendor Advisories (2)

Red Hat: stunnel: heap corruption flaw in 4.4x leads to remote DoS and possible code execution (2011-08-18)
Debian: CVE-2011-2940: stunnel4 - stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or ... (2011)

💬 Community (1)

Bugzilla: CVE-2011-2940 stunnel: heap corruption flaw in 4.4x leads to remote DoS and possible code execution (2011-08-19)
CVE-2011-2940 — Stunnel vulnerability | cvebase