CVE-2008-2420

NameCVE-2008-2420
DescriptionThe OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs482644

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
stunnel4 (PTS)buster3:5.50-3fixed
bullseye3:5.56+dfsg-10fixed
bookworm3:5.68-2+deb12u1fixed
trixie, sid3:5.72-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
stunnel4source(unstable)3:4.22-1.1low482644

Search for package or bug name: Reporting problems