CVE-2009-3051

Name of the Vulnerable Software and Affected Versions SILC Toolkit versions prior to 1.1.10 SILC Client versions prior to 1.1.8

Description The issue concerns multiple vulnerabilities in the SILC Toolkit and SILC Client, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities are related to format string specifiers in a nickname field and are associated with the silc client add client, silc client update client, and silc client nickname format functions.

Recommendations For SILC Toolkit versions prior to 1.1.10, update to version 1.1.10 or later to resolve the issue. For SILC Client versions prior to 1.1.8, update to version 1.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable silc client add client, silc client update client, and silc client nickname format functions until a patch is available.