CVE-2008-7159

2009-09-1021:30:00

CWE-134

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.021

Percentile

89.2%

JSON

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string.

Affected configurations

Nvd

Node

silcnetsilc_toolkitRange≤1.1.6

silcnetsilc_toolkitMatch1.1

silcnetsilc_toolkitMatch1.1.1

silcnetsilc_toolkitMatch1.1.2

silcnetsilc_toolkitMatch1.1.3

silcnetsilc_toolkitMatch1.1.4

silcnetsilc_toolkitMatch1.1.5

VendorProductVersionCPE
silcnetsilc_toolkit*cpe:2.3:a:silcnet:silc_toolkit:*:*:*:*:*:*:*:*
silcnetsilc_toolkit1.1cpe:2.3:a:silcnet:silc_toolkit:1.1:*:*:*:*:*:*:*
silcnetsilc_toolkit1.1.1cpe:2.3:a:silcnet:silc_toolkit:1.1.1:*:*:*:*:*:*:*
silcnetsilc_toolkit1.1.2cpe:2.3:a:silcnet:silc_toolkit:1.1.2:*:*:*:*:*:*:*
silcnetsilc_toolkit1.1.3cpe:2.3:a:silcnet:silc_toolkit:1.1.3:*:*:*:*:*:*:*
silcnetsilc_toolkit1.1.4cpe:2.3:a:silcnet:silc_toolkit:1.1.4:*:*:*:*:*:*:*
silcnetsilc_toolkit1.1.5cpe:2.3:a:silcnet:silc_toolkit:1.1.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silcnet	silc_toolkit	*	cpe:2.3:a:silcnet:silc_toolkit::::::::
silcnet	silc_toolkit	1.1	cpe:2.3:a:silcnet:silc_toolkit:1.1:::::::*
silcnet	silc_toolkit	1.1.1	cpe:2.3:a:silcnet:silc_toolkit:1.1.1:::::::*
silcnet	silc_toolkit	1.1.2	cpe:2.3:a:silcnet:silc_toolkit:1.1.2:::::::*
silcnet	silc_toolkit	1.1.3	cpe:2.3:a:silcnet:silc_toolkit:1.1.3:::::::*
silcnet	silc_toolkit	1.1.4	cpe:2.3:a:silcnet:silc_toolkit:1.1.4:::::::*
silcnet	silc_toolkit	1.1.5	cpe:2.3:a:silcnet:silc_toolkit:1.1.5:::::::*