FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2940

This CVE name corresponds to:

Entered Topic
2011-08-26 stunnel -- heap corruption vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-2940
Phase Assigned (20110727)

Description

stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

References

Source Reference
MLIST [oss-security] 20110819 CVE request: stunnel 4.4x heap overflow flaw
MLIST [oss-security] 20110819 Re: CVE request: stunnel 4.4x heap overflow flaw
MLIST [stunnel-announce] 20110818 stunnel 4.42 released
CONFIRM http://stunnel.org/?page=sdf_ChangeLog
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=732068
BID 49254
OSVDB 74600
SECTRACK 1025959
SECUNIA 45705
XF stunnel-unspecifed-code-execution(69318)