RSS   Vulnerabilities for 'Silc toolkit'   RSS

2008-03-31
 
CVE-2008-1552

CWE-189
 

 
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

 
2008-03-10
 
CVE-2008-1227

 

 
Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information.

 
2007-07-12
 
CVE-2007-3728

 

 
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.

 

 >>> Vendor: SILC 6 Products
Secure internet live conferencing
Silc-server
Silc client
Silc toolkit
SILC
Silc server


Copyright 2024, cxsecurity.com

 

Back to Top