CVE-2008-1552

2008-03-3117:44:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.138

Percentile

95.7%

JSON

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the “underflow” term in cases of wraparound from unsigned subtraction.

Affected configurations

Nvd

Node

silcsilc_clientRange≤1.1.3

silcsilc_serverRange≤1.1.2

silcsilc_toolkitRange≤1.1.6

Node

redhatfedoraMatch7

redhatfedoraMatch8

AND

silcsilc

VendorProductVersionCPE
silcsilc_client*cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*
silcsilc_server*cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*
silcsilc_toolkit*cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*
redhatfedora7cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
redhatfedora8cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
silcsilc*cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silc	silc_client	*	cpe:2.3:a:silc:silc_client::::::::
silc	silc_server	*	cpe:2.3:a:silc:silc_server::::::::
silc	silc_toolkit	*	cpe:2.3:a:silc:silc_toolkit::::::::
redhat	fedora	7	cpe:2.3:o:redhat:fedora:7:::::::*
redhat	fedora	8	cpe:2.3:o:redhat:fedora:8:::::::*
silc	silc	*	cpe:2.3:a:silc:silc::::::::