CVE-2021-20230

Updated: 2024-11-30 03:12:49.808734

Description:

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.
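The option combination named above (a service section using both redirect and verifyChain on a stunnel older than 5.57) can be picked out of a configuration file with a small audit script. The following is an added example, not code from stunnel or from this advisory; the stunnel.conf content is constructed for illustration, and the version string is assumed to be supplied by the caller (for instance from the package manager).

```python
import re

# Constructed sample stunnel.conf (not from the advisory). The [imaps] service
# combines verifyChain with redirect, which is the configuration CVE-2021-20230
# concerns; [https] only uses verifyChain and is not flagged.
SAMPLE_CONF = """\
; global options
cert = /etc/stunnel/server.pem
CAfile = /etc/stunnel/trusted-ca.pem

[imaps]
accept = 993
connect = 127.0.0.1:143
verifyChain = yes
redirect = 127.0.0.1:8993

[https]
accept = 443
connect = 127.0.0.1:8080
verifyChain = yes
"""

FIXED_VERSION = (5, 57)  # first release the advisory describes as not affected


def parse_stunnel_conf(text):
    """Return {service: {option: value}}; the '' key holds options before any section."""
    sections = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in stunnel.conf
        if not line:
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
            continue
        if "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key] = value
    return sections


def parse_version(s):
    """'5.56' -> (5, 56); a Debian-style suffix such as '5.44-1' keeps only the upstream part."""
    return tuple(int(p) for p in s.split("-", 1)[0].split("."))


def affected_services(conf_text, version):
    """Names of services that combine redirect with verifyChain on stunnel < 5.57."""
    if parse_version(version) >= FIXED_VERSION:
        return []
    sections = parse_stunnel_conf(conf_text)
    defaults = sections[""]  # options before the first section apply to every service
    hits = []
    for name, opts in sections.items():
        if not name:
            continue
        effective = {**defaults, **opts}
        if effective.get("verifyChain", "no").lower() == "yes" and "redirect" in effective:
            hits.append(name)
    return hits
```

Run it against the live configuration and the installed version; any service it lists needs the 5.57 (or later) package, since the advisory describes no configuration-only fix.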


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS version    Severity  Score
CVSS Version 2.x  MEDIUM    5
CVSS Version 3.x  HIGH      7.5

Status

OS name          Project name  Version  Score  Severity  Status          Errata                Statement  Last updated
CentOS 6 ELS     stunnel       4.29     7.5    HIGH      Not Vulnerable  -                     -          2021-12-09 07:57:07
CentOS 8.4 ELS   stunnel       5.56     7.5    HIGH      Already Fixed   -                     -          2023-10-30 11:22:48
CentOS 8.5 ELS   stunnel       5.56     7.5    HIGH      Already Fixed   -                     -          2023-10-30 11:22:21
CloudLinux 6 ELS stunnel       4.29     7.5    HIGH      Not Vulnerable  -                     -          2021-12-09 07:57:07
Oracle Linux 6 ELS stunnel     4.29     7.5    HIGH      Not Vulnerable  -                     -          2021-12-09 07:57:07
Ubuntu 16.04 ELS stunnel       5.30-1   7.5    HIGH      Not Vulnerable  -                     -          2021-12-09 07:57:07
Ubuntu 18.04 ELS stunnel       5.44-1   7.5    HIGH      Released        CLSA-2023:1689701258  -          2023-07-18 14:08:42