STunnel Client Negotiation Protocol Format String Vulnerability

Stunnel is a freely available, open source cryptography wrapper. It is designed to wrap arbitrary protocols that may or may not support cryptography. It is maintained by the Stunnel project.

Stunnel does not properly handle unexpected input by users. When a protocol is initiated between a client and the server, it is possible to supply a format string to the Stunnel server that may result in the execution of arbitrary code.


Privacy Statement
Copyright 2010, SecurityFocus