CVE-2011-2940
Published 2011-08-25
CVE-2011-2940: stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Priority P342 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS 5.71% · 92.1th percentile
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | stunnel4 | < stunnel4 3:4.42-1 (bookworm) | stunnel4 3:4.42-1 (bookworm) |
| stunnel | stunnel | — | — |
| stunnel | stunnel | — | — |
CVSS provenance
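| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | CRITICAL | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |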
Red Hat
stunnel: heap corruption flaw in 4.4x leads to remote DoS and possible code execution
vendor_redhat·2011-08-18·CVSS 9.3
CVE-2011-2940 [CRITICAL] stunnel: heap corruption flaw in 4.4x leads to remote DoS and possible code execution
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Statement: Not vulnerable. This issue did not affect the versions of stunnel as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Package: stunnel (Red Hat Enterprise Linux 4) - Not affected
Package: stunnel (Red Hat Enterprise Linux 5) - Not affected
Package: stunnel (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-2940: stunnel4 - stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or ...
vendor_debian·2011·CVSS 9.3
CVE-2011-2940 [CRITICAL] CVE-2011-2940: stunnel4 - stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or ...
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 3:4.42-1)
bullseye: resolved (fixed in 3:4.42-1)
forky: resolved (fixed in 3:4.42-1)
sid: resolved (fixed in 3:4.42-1)
trixie: resolved (fixed in 3:4.42-1)
GHSA
GHSA-rww2-jw3v-q88c: stunnel 4
ghsa_unreviewed·2022-05-17
CVE-2011-2940 [HIGH] CWE-119 GHSA-rww2-jw3v-q88c: stunnel 4
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
OSV
CVE-2011-2940: stunnel 4
osv·2011-08-25·CVSS 9.3
CVE-2011-2940 [CRITICAL] CVE-2011-2940: stunnel 4
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/45705
http://securitytracker.com/id?1025959
http://stunnel.org/?page=sdf_ChangeLog
http://www.openwall.com/lists/oss-security/2011/08/19/18
http://www.openwall.com/lists/oss-security/2011/08/19/6
http://www.osvdb.org/74600
http://www.securityfocus.com/bid/49254
http://www.stunnel.org/pipermail/stunnel-announce/2011-August/000059.html
https://bugzilla.redhat.com/show_bug.cgi?id=732068
https://exchange.xforce.ibmcloud.com/vulnerabilities/69318
Published: 2011-08-25