Format string

2009-09-1018:30:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.098 Low

EPSS

Percentile

94.7%

JSON

Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.

CPENameOperatorVersion
silc_clienteq1.1.6
silc_clienteq1.1.1
silc_clienteq1.1.2
silc_clienteq1.1.3
silc_clientle1.1.7
silc_clienteq1.1.4
silc_toolkiteq1.1.3
silc_toolkiteq1.1.5
silc_toolkitle1.1.9
silc_toolkiteq1.1.8

Name	Operator	Version
silc_client	eq	1.1.6
silc_client	eq	1.1.1
silc_client	eq	1.1.2
silc_client	eq	1.1.3
silc_client	le	1.1.7
silc_client	eq	1.1.4
silc_toolkit	eq	1.1.3
silc_toolkit	eq	1.1.5
silc_toolkit	le	1.1.9
silc_toolkit	eq	1.1.8