MitreCVELIST:CVE-2008-1552CVE-2008-1552
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the “underflow” term in cases of wraparound from unsigned subtraction.
References
lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
secunia.com/advisories/29463
secunia.com/advisories/29465
secunia.com/advisories/29622
secunia.com/advisories/29946
security.gentoo.org/glsa/glsa-200804-27.xml
securityreason.com/securityalert/3795
silcnet.org/general/news/?item=client_20080320_1
silcnet.org/general/news/?item=server_20080320_1
silcnet.org/general/news/?item=toolkit_20080320_1
www.coresecurity.com/?action=item&id=2206
www.mandriva.com/security/advisories?name=MDVSA-2008:158
www.securityfocus.com/archive/1/490069/100/0/threaded
www.securityfocus.com/bid/28373
www.securitytracker.com/id?1019690
www.vupen.com/english/advisories/2008/0974/references
exchange.xforce.ibmcloud.com/vulnerabilities/41474
www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html
www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html
Related
