PT-2008-3111 · Silc · Silc Toolkit
Published: 2008-03-31 · Updated: 2018-10-11 · CVE-2008-1552
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SILC Toolkit versions prior to 1.1.7
SILC Client versions prior to 1.1.4
SILC Server versions prior to 1.1.2
Description
The silc_pkcs1_decode function in the silccrypt library allows remote attackers to execute arbitrary code via a crafted PKCS#1 message. The crafted message triggers an integer underflow, a signedness error, and a buffer overflow.
Recommendations
For SILC Toolkit versions prior to 1.1.7, update to version 1.1.7 or later.
For SILC Client versions prior to 1.1.4, update to version 1.1.4 or later.
For SILC Server versions prior to 1.1.2, update to version 1.1.2 or later.
Affected Products
Silc Client
Silc Server
Silc Toolkit
Silccrypt Library