PT-2008-3111 · Silc · Silc Toolkit+3

Published: 2008-03-31 · Updated: 2018-10-11 · CVE-2008-1552

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SILC Toolkit versions prior to 1.1.7
SILC Client versions prior to 1.1.4
SILC Server versions prior to 1.1.2

Description

The silc_pkcs1_decode function in the silccrypt library allows remote attackers to execute arbitrary code via a crafted PKCS#1 message. The crafted message triggers an integer underflow, a signedness error, and a buffer overflow.

Recommendations

SILC Toolkit versions prior to 1.1.7: update to version 1.1.7 or later.
SILC Client versions prior to 1.1.4: update to version 1.1.4 or later.
SILC Server versions prior to 1.1.2: update to version 1.1.2 or later.

Fix


Weakness Enumeration

Related Identifiers

CVE-2008-1552

Affected Products

Silc Client
Silc Server
Silc Toolkit
Silccrypt Library