CVE-2008-7160

2009-09-1021:30:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2008-7160

silc toolkit

http server

remote code execution

stack overwrite

nvd

7.2 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.021 Low

EPSS

Percentile

89.1%

JSON

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.

CPENameOperatorVersion
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.3
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.5
silcnet:silc_toolkitsilcnet silc toolkiteq1.1
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.1
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.6
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.4
silcnet:silc_toolkitsilcnet silc toolkiteq1.1.2
silcnet:silc_toolkitsilcnet silc toolkitle1.1.8

CPE	Name	Operator	Version
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.3
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.5
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.1
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.6
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.4
silcnet:silc_toolkit	silcnet silc toolkit	eq	1.1.2
silcnet:silc_toolkit	silcnet silc toolkit	le	1.1.8