CVE-2002-0002

stunnel <3.22 - RCE

Title source: llm

Description

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by deltha · cremotelinux

https://www.exploit-db.com/exploits/21192

View Code ZIP pw:eip

References (8)

[Mailing List] http://marc.info/?l=stunnel-users&m=100869449828705&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/3748

[Various Sources] http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/248149

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7741

[Vendor Advisory] http://stunnel.mirt.net/news.html

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2002-002.html

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/247427

Scores

EPSS 0.1562

EPSS Percentile 94.7%

Details

Status published

Products (25)

engardelinux/secure_linux 1.0.1

mandrakesoft/mandrake_linux 8.1

redhat/linux 7.2

stunnel/stunnel 3.3

stunnel/stunnel 3.4a

stunnel/stunnel 3.7

stunnel/stunnel 3.8

stunnel/stunnel 3.9

stunnel/stunnel 3.10

stunnel/stunnel 3.11

... and 15 more

Published Jan 31, 2002

Tracked Since Feb 18, 2026