stunnel 4.21 - 4.54 Multiple Vulnerabilities

medium Nessus Plugin ID 65690


The remote Windows host contains a program that is affected by multiple vulnerabilities.


The version of stunnel installed on the remote host is a version after 4.21 and prior to 4.55. It is, therefore, affected by the following vulnerabilities :

- The bundled version of OpenSSL contains an error related to CBC-mode and timing that allows an attacker to recover plaintext from encrypted communications.

- A buffer overflow condition exists related to NTLM authentication. Note this issue does not affect 32-bit builds.(CVE-2013-1762)


Upgrade to stunnel version 4.55 or later.

See Also

Plugin Details

Severity: Medium

ID: 65690

File Name: stunnel_4_55.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 3/26/2013

Updated: 12/5/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2013-1762

Vulnerability Information

CPE: cpe:/a:stunnel:stunnel

Required KB Items: installed_sw/stunnel

Exploit Ease: No known exploits are available

Patch Publication Date: 3/3/2013

Vulnerability Publication Date: 2/4/2013

Reference Information

CVE: CVE-2013-0169, CVE-2013-1762

BID: 57778, 58277