PT-2009-6692 · Silc+1 · Libsilc-1.1-2+4

Published: 1970-01-01 · Updated: 2017-08-17 · CVE-2008-7159

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SILC Toolkit versions prior to 1.1.8
libsilc-1.1-2 (affected versions not specified)
libsilc-1.1-2-dev (affected versions not specified)
libsilc-1.1-2-dbg (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in the SILC Toolkit and related packages in the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c is vulnerable to remote attacks that could overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to the incorrect use of a %lu format string.

Recommendations

For SILC Toolkit versions prior to 1.1.8: Update to version 1.1.8 or later.
For libsilc-1.1-2, libsilc-1.1-2-dev, and libsilc-1.1-2-dbg: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

BDU:2015-02900
BDU:2015-02901
BDU:2015-02902
BDU:2015-02903
CVE-2008-7159
DSA-1879-1

Affected Products

Debian
Silc Toolkit
Libsilc-1.1-2
Libsilc-1.1-2-Dbg
Libsilc-1.1-2-Dev