CVE-2008-7159

2009-09-1021:30:00

CWE-134

[email protected]

web.nvd.nist.gov

vulnerability

silc toolkit

1.1.8

arbitrary code execution

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string.

Affected configurations

NVD

Node

silcnetsilc_toolkitRange≤1.1.6

silcnetsilc_toolkitMatch1.1

silcnetsilc_toolkitMatch1.1.1

silcnetsilc_toolkitMatch1.1.2

silcnetsilc_toolkitMatch1.1.3

silcnetsilc_toolkitMatch1.1.4

silcnetsilc_toolkitMatch1.1.5

CPENameOperatorVersion
silcnet:silc_toolkitsilcnet silc toolkitle1.1.6
silcnet:silc_toolkitsilcnet silc toolkiteq1.1
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.1
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.2
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.3
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.4
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.5

CPE	Name	Operator	Version
silcnet:silc_toolkit	silcnet silc toolkit	le	1.1.6
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.1
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.2
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.3
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.4
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.5