Vulnerability in Engardelinux Secure_linux

CVE-2002-0002

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

EPSS: 0.053 (91.5th percentile) — read the EPSS interpretation.

Affected products

Engardelinux Secure_linux — versions 1.0.1
Mandrakesoft Mandrake_linux — versions 8.1
Stunnel — versions 3.3, 3.4a, 3.7
Redhat Linux — versions 7.2
N/a — versions n/a

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, x_refsource_MANDRAKE)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Patch, Vendor Advisory)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)