CVE-2002-0002

stunnel < 3.22 - Remote Code Execution via Format String in Client Mode

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0002. PoCs published by deltha.

AI-analyzed exploit summary: This exploit targets a format string vulnerability in Stunnel versions 3.3 to 3.21c when using client mode with protocol negotiation options (-n smtp, -n pop, -n nntp). It allows remote code execution by crafting a malicious payload that overwrites memory addresses via format string manipulation.

Description

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by deltha · c · remote · linux
https://www.exploit-db.com/exploits/21192

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Stunnel < 3.22
No auth needed
Prerequisites: Stunnel running in client mode with protocol negotiation options (-n smtp, -n pop, or -n nntp) · Network access to the target Stunnel instance
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3748
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/248149
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7741
Vendor Advisory x_refsource_confirm
http://stunnel.mirt.net/news.html
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-002.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/247427

Scores

EPSS 0.0528
EPSS Percentile 91.5%

Details

Status published
Products (25)
engardelinux/secure_linux 1.0.1
mandrakesoft/mandrake_linux 8.1
redhat/linux 7.2
stunnel/stunnel 3.3
stunnel/stunnel 3.4a
stunnel/stunnel 3.7
stunnel/stunnel 3.8
stunnel/stunnel 3.9
stunnel/stunnel 3.10
stunnel/stunnel 3.11
... and 15 more
Published Jan 31, 2002
Tracked Since Feb 18, 2026