CVE-2002-0002

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Published: Jan 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0002
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
stunnel / stunnel	3.21c	3.21c.x
stunnel / stunnel	3.7	3.7.x
stunnel / stunnel	3.3	3.3.x
stunnel / stunnel	3.21b	3.21b.x
stunnel / stunnel	3.14	3.14.x
stunnel / stunnel	3.4a	3.4a.x
stunnel / stunnel	3.22	3.22.x
stunnel / stunnel	3.18	3.18.x
stunnel / stunnel	3.20	3.20.x
stunnel / stunnel	3.15	3.15.x
stunnel / stunnel	3.24	3.24.x
stunnel / stunnel	3.11	3.11.x
stunnel / stunnel	3.8	3.8.x
stunnel / stunnel	3.21	3.21.x
stunnel / stunnel	3.13	3.13.x
stunnel / stunnel	3.17	3.17.x
stunnel / stunnel	3.10	3.10.x
stunnel / stunnel	3.16	3.16.x
stunnel / stunnel	3.9	3.9.x
stunnel / stunnel	3.12	3.12.x
stunnel / stunnel	3.21a	3.21a.x
stunnel / stunnel	3.19	3.19.x
redhat / linux	7.2	7.2.x
mandrakesoft / mandrake_linux	8.1	8.1.x
engardelinux / secure_linux	1.0.1	1.0.1.x

Vulnerability Database

289,599

CVE-2002-0002