RSS   Vulnerabilities for 'Silc server'   RSS

2008-03-31
 
CVE-2008-1552

CWE-189
 

 
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

 

 >>> Vendor: SILC 6 Products
Secure internet live conferencing
Silc-server
Silc client
Silc toolkit
SILC
Silc server


Copyright 2024, cxsecurity.com

 

Back to Top