Vulnerabilities related to silc - silc_toolkit
Vulnerability from fkie_nvd
Published
2008-03-31 17:44
Modified
2025-04-09 00:30
Summary
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
cve@mitre.org http://secunia.com/advisories/29463 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/29465
cve@mitre.org http://secunia.com/advisories/29622
cve@mitre.org http://secunia.com/advisories/29946
cve@mitre.org http://security.gentoo.org/glsa/glsa-200804-27.xml
cve@mitre.org http://securityreason.com/securityalert/3795
cve@mitre.org http://silcnet.org/general/news/?item=client_20080320_1 Patch
cve@mitre.org http://silcnet.org/general/news/?item=server_20080320_1 Patch
cve@mitre.org http://silcnet.org/general/news/?item=toolkit_20080320_1 Patch
cve@mitre.org http://www.coresecurity.com/?action=item&id=2206
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
cve@mitre.org http://www.securityfocus.com/archive/1/490069/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/28373 Patch
cve@mitre.org http://www.securitytracker.com/id?1019690
cve@mitre.org http://www.vupen.com/english/advisories/2008/0974/references
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/41474
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29463 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29465
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29622
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29946
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200804-27.xml
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/3795
af854a3a-2127-422b-91ae-364da2661108 http://silcnet.org/general/news/?item=client_20080320_1 Patch
af854a3a-2127-422b-91ae-364da2661108 http://silcnet.org/general/news/?item=server_20080320_1 Patch
af854a3a-2127-422b-91ae-364da2661108 http://silcnet.org/general/news/?item=toolkit_20080320_1 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.coresecurity.com/?action=item&id=2206
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/490069/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/28373 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1019690
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/0974/references
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41474
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17399447-A537-43ED-8F3B-34A6B3775F91",
              "versionEndIncluding": "1.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79529C3-3305-4C9F-81B9-6A230CEC864B",
              "versionEndIncluding": "1.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29C8F2A5-C309-4BAB-B292-B95BE9BD335B",
              "versionEndIncluding": "1.1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A363089A-8328-48B1-9609-36A635EC4A46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow.  NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n silc_pkcs1_decode de la librer\u00eda silccrypt (silcpkcs1.c) en Secure Internet Live Conferencing (SILC) Toolkit antes de 1.1.7, SILC Client antes de 1.1.4 y SILC Server antes de 1.1.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un mensaje PKCS#1 manipulado, lo que dispara un desbordamiento inferior de entero, un error de signo y un desbordamiento de b\u00fafer. NOTA: el investigador lo describe como un desbordamiento de entero, pero CVE utiliza el t\u00e9rmino \"desbordamiento inferior\" en casos de estrechamiento de resta sin signo."
    }
  ],
  "id": "CVE-2008-1552",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-31T17:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29463"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29465"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29622"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3795"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://silcnet.org/general/news/?item=client_20080320_1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://silcnet.org/general/news/?item=server_20080320_1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.coresecurity.com/?action=item\u0026id=2206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28373"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019690"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0974/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://silcnet.org/general/news/?item=client_20080320_1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://silcnet.org/general/news/?item=server_20080320_1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/?action=item\u0026id=2206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0974/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5.\n\nMore information can be found here:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=440049",
      "lastModified": "2008-04-23T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-03-10 17:44
Modified
2025-04-09 00:30
Summary
Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
cve@mitre.org http://secunia.com/advisories/29174 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/29323
cve@mitre.org http://secunia.com/advisories/29946
cve@mitre.org http://security.gentoo.org/glsa/glsa-200804-27.xml
cve@mitre.org http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
cve@mitre.org http://www.securityfocus.com/bid/28101 Patch
cve@mitre.org http://www.vupen.com/english/advisories/2008/0769
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=372021
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/41012
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29174 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29323
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29946
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200804-27.xml
af854a3a-2127-422b-91ae-364da2661108 http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/28101 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/0769
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=372021
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41012
Impacted products
Vendor Product Version
silc silc_toolkit *
silc silc_toolkit 1.1
silc silc_toolkit 1.1.1
silc silc_toolkit 1.1.2
silc silc_toolkit 1.1.3
silc silc_toolkit 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2976C62F-7634-4C5B-8FF6-DF7695E7D072",
              "versionEndIncluding": "1.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D881BA-F3E0-4405-B1B8-67711A33BA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16798C55-A677-49EE-9B56-7EDE37B3C677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D81CC5DC-ACBD-4B9C-9F2C-0179679CE344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "850BFE54-530E-42D9-AF68-69D17AE52A52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB51D8F-1F16-44DB-9CA0-163F66240349",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n silc_fingerprint en lib/silcutil/silcutil.c de Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, y versiones anteriores no especificadas, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de datos de entrada largos."
    }
  ],
  "id": "CVE-2008-1227",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-10T17:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29174"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28101"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0769"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=372021"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=372021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41012"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-12 17:30
Modified
2025-04-09 00:30
Summary
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.
Impacted products
Vendor Product Version
silc silc_client 1.1.1
silc silc_toolkit 1.1.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:silc:silc_client:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "751D1CAD-DD9C-4B1A-8EE5-4DD3A454C5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16798C55-A677-49EE-9B56-7EDE37B3C677",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via \"NICK_CHANGE\" notifications."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer lib/silcclient/client_notify.c de SILC Client y SILC Toolkit anterior a 1.1.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio mediante notificaciones \"NICK_CHANGE\" (cambio de apodo)."
    }
  ],
  "id": "CVE-2007-3728",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-12T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36730"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25939"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://silcnet.org/docs/changelog/changes.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24795"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2454"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://silcnet.org/docs/changelog/changes.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable.  libsilc was not shipped with Enterprise Linux 2.1 or 3.  This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5.",
      "lastModified": "2007-07-17T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-1227 (GCVE-0-2008-1227)
Vulnerability from cvelistv5
Published
2008-03-10 17:00
Modified
2024-08-07 08:17
CWE
  • n/a
Summary
Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information.
References
http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6 x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200804-27.xml vendor-advisory, x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/41012 vdb-entry, x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=372021 x_refsource_MISC
http://www.vupen.com/english/advisories/2008/0769 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/29174 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/29946 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/28101 vdb-entry, x_refsource_BID
http://secunia.com/advisories/29323 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:33.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6"
          },
          {
            "name": "GLSA-200804-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
          },
          {
            "name": "silctoolkit-silcfingerprint-bo(41012)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41012"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=372021"
          },
          {
            "name": "ADV-2008-0769",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0769"
          },
          {
            "name": "29174",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29174"
          },
          {
            "name": "SUSE-SR:2008:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
          },
          {
            "name": "29946",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29946"
          },
          {
            "name": "28101",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28101"
          },
          {
            "name": "29323",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29323"
          },
          {
            "name": "MDVSA-2008:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6"
        },
        {
          "name": "GLSA-200804-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
        },
        {
          "name": "silctoolkit-silcfingerprint-bo(41012)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41012"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=372021"
        },
        {
          "name": "ADV-2008-0769",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0769"
        },
        {
          "name": "29174",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29174"
        },
        {
          "name": "SUSE-SR:2008:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
        },
        {
          "name": "29946",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29946"
        },
        {
          "name": "28101",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28101"
        },
        {
          "name": "29323",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29323"
        },
        {
          "name": "MDVSA-2008:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6",
              "refsource": "CONFIRM",
              "url": "http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6"
            },
            {
              "name": "GLSA-200804-27",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
            },
            {
              "name": "silctoolkit-silcfingerprint-bo(41012)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41012"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=372021",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=372021"
            },
            {
              "name": "ADV-2008-0769",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0769"
            },
            {
              "name": "29174",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29174"
            },
            {
              "name": "SUSE-SR:2008:006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
            },
            {
              "name": "29946",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29946"
            },
            {
              "name": "28101",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28101"
            },
            {
              "name": "29323",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29323"
            },
            {
              "name": "MDVSA-2008:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1227",
    "datePublished": "2008-03-10T17:00:00",
    "dateReserved": "2008-03-10T00:00:00",
    "dateUpdated": "2024-08-07T08:17:33.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3728 (GCVE-0-2007-3728)
Vulnerability from cvelistv5
Published
2007-07-12 17:00
Modified
2024-08-07 14:28
Severity ?
CWE
  • n/a
Summary
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36730",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36730"
          },
          {
            "name": "24795",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24795"
          },
          {
            "name": "silc-clienttoolkit-nickchange-bo(35281)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281"
          },
          {
            "name": "25939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25939"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://silcnet.org/docs/changelog/changes.txt"
          },
          {
            "name": "ADV-2007-2454",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2454"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via \"NICK_CHANGE\" notifications."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36730",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36730"
        },
        {
          "name": "24795",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24795"
        },
        {
          "name": "silc-clienttoolkit-nickchange-bo(35281)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281"
        },
        {
          "name": "25939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25939"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://silcnet.org/docs/changelog/changes.txt"
        },
        {
          "name": "ADV-2007-2454",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2454"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via \"NICK_CHANGE\" notifications."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36730",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36730"
            },
            {
              "name": "24795",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24795"
            },
            {
              "name": "silc-clienttoolkit-nickchange-bo(35281)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35281"
            },
            {
              "name": "25939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25939"
            },
            {
              "name": "http://silcnet.org/docs/changelog/changes.txt",
              "refsource": "CONFIRM",
              "url": "http://silcnet.org/docs/changelog/changes.txt"
            },
            {
              "name": "ADV-2007-2454",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2454"
            },
            {
              "name": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2",
              "refsource": "CONFIRM",
              "url": "http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3728",
    "datePublished": "2007-07-12T17:00:00",
    "dateReserved": "2007-07-12T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1552 (GCVE-0-2008-1552)
Vulnerability from cvelistv5
Published
2008-03-31 17:00
Modified
2024-08-07 08:24
Severity ?
CWE
  • n/a
Summary
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
References
http://secunia.com/advisories/29465 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/29622 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html vendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id?1019690 vdb-entry, x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-200804-27.xml vendor-advisory, x_refsource_GENTOO
http://securityreason.com/securityalert/3795 third-party-advisory, x_refsource_SREASON
http://silcnet.org/general/news/?item=server_20080320_1 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/490069/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://silcnet.org/general/news/?item=toolkit_20080320_1 x_refsource_CONFIRM
http://secunia.com/advisories/29463 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2008/0974/references vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/29946 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/28373 vdb-entry, x_refsource_BID
http://www.coresecurity.com/?action=item&id=2206 x_refsource_MISC
http://silcnet.org/general/news/?item=client_20080320_1 x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 vendor-advisory, x_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/41474 vdb-entry, x_refsource_XF
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html vendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.749Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29465",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29465"
          },
          {
            "name": "29622",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29622"
          },
          {
            "name": "SUSE-SR:2008:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
          },
          {
            "name": "1019690",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019690"
          },
          {
            "name": "GLSA-200804-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
          },
          {
            "name": "3795",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3795"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://silcnet.org/general/news/?item=server_20080320_1"
          },
          {
            "name": "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1"
          },
          {
            "name": "29463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29463"
          },
          {
            "name": "FEDORA-2008-2641",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html"
          },
          {
            "name": "ADV-2008-0974",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0974/references"
          },
          {
            "name": "29946",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29946"
          },
          {
            "name": "28373",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28373"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/?action=item\u0026id=2206"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://silcnet.org/general/news/?item=client_20080320_1"
          },
          {
            "name": "MDVSA-2008:158",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
          },
          {
            "name": "silc-silcpkcs1decode-bo(41474)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474"
          },
          {
            "name": "FEDORA-2008-2616",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow.  NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29465",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29465"
        },
        {
          "name": "29622",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29622"
        },
        {
          "name": "SUSE-SR:2008:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
        },
        {
          "name": "1019690",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019690"
        },
        {
          "name": "GLSA-200804-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
        },
        {
          "name": "3795",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3795"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://silcnet.org/general/news/?item=server_20080320_1"
        },
        {
          "name": "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1"
        },
        {
          "name": "29463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29463"
        },
        {
          "name": "FEDORA-2008-2641",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html"
        },
        {
          "name": "ADV-2008-0974",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0974/references"
        },
        {
          "name": "29946",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29946"
        },
        {
          "name": "28373",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28373"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/?action=item\u0026id=2206"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://silcnet.org/general/news/?item=client_20080320_1"
        },
        {
          "name": "MDVSA-2008:158",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
        },
        {
          "name": "silc-silcpkcs1decode-bo(41474)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474"
        },
        {
          "name": "FEDORA-2008-2616",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow.  NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29465",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29465"
            },
            {
              "name": "29622",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29622"
            },
            {
              "name": "SUSE-SR:2008:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
            },
            {
              "name": "1019690",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019690"
            },
            {
              "name": "GLSA-200804-27",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml"
            },
            {
              "name": "3795",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3795"
            },
            {
              "name": "http://silcnet.org/general/news/?item=server_20080320_1",
              "refsource": "CONFIRM",
              "url": "http://silcnet.org/general/news/?item=server_20080320_1"
            },
            {
              "name": "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded"
            },
            {
              "name": "http://silcnet.org/general/news/?item=toolkit_20080320_1",
              "refsource": "CONFIRM",
              "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1"
            },
            {
              "name": "29463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29463"
            },
            {
              "name": "FEDORA-2008-2641",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html"
            },
            {
              "name": "ADV-2008-0974",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0974/references"
            },
            {
              "name": "29946",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29946"
            },
            {
              "name": "28373",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28373"
            },
            {
              "name": "http://www.coresecurity.com/?action=item\u0026id=2206",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/?action=item\u0026id=2206"
            },
            {
              "name": "http://silcnet.org/general/news/?item=client_20080320_1",
              "refsource": "CONFIRM",
              "url": "http://silcnet.org/general/news/?item=client_20080320_1"
            },
            {
              "name": "MDVSA-2008:158",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158"
            },
            {
              "name": "silc-silcpkcs1decode-bo(41474)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474"
            },
            {
              "name": "FEDORA-2008-2616",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1552",
    "datePublished": "2008-03-31T17:00:00",
    "dateReserved": "2008-03-31T00:00:00",
    "dateUpdated": "2024-08-07T08:24:42.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}