CVE-2008-1552
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
High
0.103 Low
EPSS
Percentile
95.0%
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the “underflow” term in cases of wraparound from unsigned subtraction.
Affected configurations
References
lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
secunia.com/advisories/29463
secunia.com/advisories/29465
secunia.com/advisories/29622
secunia.com/advisories/29946
security.gentoo.org/glsa/glsa-200804-27.xml
securityreason.com/securityalert/3795
silcnet.org/general/news/?item=client_20080320_1
silcnet.org/general/news/?item=server_20080320_1
silcnet.org/general/news/?item=toolkit_20080320_1
www.coresecurity.com/?action=item&id=2206
www.mandriva.com/security/advisories?name=MDVSA-2008:158
www.securityfocus.com/archive/1/490069/100/0/threaded
www.securityfocus.com/bid/28373
www.securitytracker.com/id?1019690
www.vupen.com/english/advisories/2008/0974/references
exchange.xforce.ibmcloud.com/vulnerabilities/41474
www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html
www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
High
0.103 Low
EPSS
Percentile
95.0%