CVE-2003-0740

Exp

Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.

Published: 2003-10-20 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2003-0740 is rated Exploit Available (50/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.12%). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2003-0740

EDB-ID Source Kind Published Link
91 exploit_db edb 2003-09-05 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2003-0740

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 0.16% 0.12% -0.04%
2 2025-03-29 0.12% 0.16% +0.04%
3 2025-03-17 0.12%

Full EPSS history (5 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2003-0740

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.6 2.0 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 3.9 6.4 [email protected]

Weakness enumeration for CVE-2003-0740

OS Trackers for CVE-2003-0740

vendor priority summary link
debian not yet assigned CVE-2003-0740 not yet assigned priority: Debian including 2 source packages (stunnel, stunnel4), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. https://security-tracker.debian.org/tracker/CVE-2003-0740
redhat high https://access.redhat.com/security/cve/CVE-2003-0740

Affected software / configurations for CVE-2003-0740

Vendor Product Version Raw CPE
stunnel stunnel 3.3 cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*
stunnel stunnel 3.4a cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*
stunnel stunnel 3.7 cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
stunnel stunnel 3.8 cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
stunnel stunnel 3.9 cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
stunnel stunnel 3.10 cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
stunnel stunnel 3.11 cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
stunnel stunnel 3.12 cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
stunnel stunnel 3.13 cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
stunnel stunnel 3.14 cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
stunnel stunnel 3.15 cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
stunnel stunnel 3.16 cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
stunnel stunnel 3.17 cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
stunnel stunnel 3.18 cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
stunnel stunnel 3.19 cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
stunnel stunnel 3.20 cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
stunnel stunnel 3.21 cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
stunnel stunnel 3.21a cpe:2.3:a:stunnel:stunnel:3.21a:*:*:*:*:*:*:*
stunnel stunnel 3.21b cpe:2.3:a:stunnel:stunnel:3.21b:*:*:*:*:*:*:*
stunnel stunnel 3.21c cpe:2.3:a:stunnel:stunnel:3.21c:*:*:*:*:*:*:*
stunnel stunnel 3.22 cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
stunnel stunnel 3.24 cpe:2.3:a:stunnel:stunnel:3.24:*:*:*:*:*:*:*
stunnel stunnel 4.0 cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*

References for CVE-2003-0740

cvelogic Threat Intelligence