Mandriva Linux Security Advisory 2013-130 - stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.
5820bcf9444903bd1647e9bcc86b61f63e7bd6b55e6ce21f29c6945caf2801a9