Sign in Get started

← All advisories

Unrated severityNVD Advisory· Published Feb 12, 2001· Updated Apr 16, 2026

CVE-2001-0060

CVE-2001-0060

Description

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.

Affected products

4

Stunnel/Stunnel4 versions
cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*
- cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

archives.neohapsis.com/archives/bugtraq/2000-12/0337.htmlnvdPatchVendor Advisory
www.securityfocus.com/archive/1/151719nvdPatchVendor Advisory
www.securityfocus.com/bid/2128nvdPatchVendor Advisory
distro.conectiva.com.br/atualizacoes/nvd
www.debian.org/security/2001/dsa-009nvd
www.redhat.com/support/errata/RHSA-2000-129.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/5807nvd

News mentions

0

No linked articles in our index yet.