4 matches found
CVE-2009-3051
CVE-2009-3051 describes multiple format-string vulnerabilities in the SILC Toolkit and SILC Client. The flaws reside in lib/silcclient/client_entry.c, allowing remote attackers to execute arbitrary code via format string specifiers embedded in nicknames, tied to functions silc_client_add_client, ...
CVE-2008-7160
The CVE-2008-7160 issue affects the SILC Toolkit/SILC server (silcd HTTP server) prior to version 1.1.9, where an incorrect format string handling in a sscanf() call for Content-Length headers could overwrite a stack location and potentially allow code execution. Public documentation in Debian DS...
CVE-2008-7159
CVE-2008-7159 affects SILC Toolkit (and SILC Client) prior to versions 1.1.8/1.1.8+. The root cause is an incorrect format string in the ASN.1 OID encoder, allowing a remote attacker to overflow a stack location on 64-bit systems and potentially execute arbitrary code. Affected components: silcas...
CVE-2009-3163
CVE-2009-3163 is a vulnerability in the SILC Toolkit and SILC Client. Reports describe multiple format-string vulnerabilities in lib/silcclient/command.c that allow remote code execution via crafted channel names, affecting SILC Toolkit versions before 1.1.10 and SILC Client up to 1.1.8. The issu...