6.8

CVE-2008-1552

EPSS 6.73%
Veröffentlicht 31.03.2008 17:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow.  NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Silc ≫ Silc Client Version <= 1.1.3

Silc ≫ Silc Server Version <= 1.1.2

Silc ≫ Silc Toolkit Version <= 1.1.6

Silc ≫ Silc

Redhat ≫ Fedora Version7
Redhat ≫ Fedora Version8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.73%	0.909

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

http://secunia.com/advisories/29622

http://secunia.com/advisories/29946

http://security.gentoo.org/glsa/glsa-200804-27.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:158

http://secunia.com/advisories/29463

Vendor Advisory

http://secunia.com/advisories/29465

http://securityreason.com/securityalert/3795

http://silcnet.org/general/news/?item=client_20080320_1

Patch

http://silcnet.org/general/news/?item=server_20080320_1

Patch

http://silcnet.org/general/news/?item=toolkit_20080320_1

Patch

http://www.coresecurity.com/?action=item&id=2206

http://www.securityfocus.com/archive/1/490069/100/0/threaded

http://www.securityfocus.com/bid/28373

Patch

http://www.securitytracker.com/id?1019690

http://www.vupen.com/english/advisories/2008/0974/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41474

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html

https://nvd.nist.gov/vuln/detail/CVE-2008-1552

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1552

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1552

EUVD