CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
95.7%
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in
Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client
before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to
execute arbitrary code via a crafted PKCS#1 message, which triggers an
integer underflow, signedness error, and a buffer overflow. NOTE: the
researcher describes this as an integer overflow, but CVE uses the
“underflow” term in cases of wraparound from unsigned subtraction.