6 results (0.009 seconds)

CVSS: 7.5EPSS: 11%CPEs: 16EXPL: 0

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. Múltiples vulnerabilidades de formato de cadena en lib/silcclient/command.c en Secure Internet Live Conferencing (SILC) Toolkit anteriores a v1.1.10, y SILC Client v1.1.8 y anteriores , permite a atacantes remotos ejecutar código arbitrario a través de los especificadores de cadena en el nombre de canal, relacionado con (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, y (4) silc_client_command_users. • http://secunia.com/advisories/36614 http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10 http://silcnet.org/general/news/news_toolkit.php http://www.debian.org/security/2009/dsa-1879 http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 http://www.mandriva.com/security/advisories?name=MDVSA-2009:235 http://www.openwall.com/lists/oss-security/2009/08/31/5 http://www.openwall.com/lists/oss-security/2009/09/03/5 http://www.securityfocus.com/bid/36193 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 5.8EPSS: 2%CPEs: 7EXPL: 0

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. La función silc_asn1_encoder de lib/silcasn1/silcasn1_encode.c en Secure Internet Live Conferencing (SILC) Toolkit anterior a v1.1.8, permite a atacantes remotos sobrescribir una posición de la pila y puede que ejecutar código de su elección a través de un valor OID manipulado. Está relacionado con el uso incorrecto de una cadena con formato %lu. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36614 http://secunia.com/advisories/36625 http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.8 http://silcnet.org/general/news/news_toolkit.php http://www.debian.org/security/2009/dsa-1879 http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 http://www.openwall.com/lists/oss-security/2009/08/31/5 http://www.openwall.com/lists/oss-security/2009/09/03&# • CWE-134: Use of Externally-Controlled Format String •

CVSS: 5.8EPSS: 2%CPEs: 8EXPL: 0

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. la funcion silc_http_server_parse en lib/silchttp/silchttpserver.c en el servidor HTTP interno en silcd en Secure Internet Live Conferencing (SILC) Toolkit anteriores a v1.1.9 permite a atacantes remotos sobrescribir un lugar de la pila y posiblemente ejecutar código arbitrario a través de una cabecera Content-Lenght, relacionada con el uso incorrecto de un formato de cadena %lu. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36614 http://secunia.com/advisories/36625 http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9 http://silcnet.org/general/news/news_toolkit.php http://www.debian.org/security/2009/dsa-1879 http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 http://www.openwall.com/lists/oss-security/2009/08/31/5 http://www.openwall.com/lists/oss-security/2009/09/03&# • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.5EPSS: 9%CPEs: 15EXPL: 0

Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. Múltiples vulnerabilidades de formato de cadena en lib/silcclient/client_entry.c de Secure Internet Live Conferencing (SILC) Toolkit anterior a v1.1.10, y SILC Client anterior a v1.1.8, permite a atacantes remotos ejecutar código de su elección a través de especificadores de formato de cadena en un campo nickname (apodo). Está relacionado con las funciones (1) silc_client_add_client, (2) silc_client_update_client y (3) silc_client_nickname_format. • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36134 http://secunia.com/advisories/36614 http://silcnet.org/docs/changelog/SILC%20Client%201.1.8 http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10 http://silcnet.org/docs/release/SILC%20Client%201.1.8 http://silcnet.org/general/news/news_client.php http://silcnet.org/general/news/news_toolkit.php http://www.debian.org/security/2009/dsa-1879 http://www. • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.8EPSS: 13%CPEs: 6EXPL: 0

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. La función silc_pkcs1_decode de la librería silccrypt (silcpkcs1.c) en Secure Internet Live Conferencing (SILC) Toolkit antes de 1.1.7, SILC Client antes de 1.1.4 y SILC Server antes de 1.1.2 permite a atacantes remotos ejecutar código de su elección a través de un mensaje PKCS#1 manipulado, lo que dispara un desbordamiento inferior de entero, un error de signo y un desbordamiento de búfer. NOTA: el investigador lo describe como un desbordamiento de entero, pero CVE utiliza el término "desbordamiento inferior" en casos de estrechamiento de resta sin signo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29463 http://secunia.com/advisories/29465 http://secunia.com/advisories/29622 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://securityreason.com/securityalert/3795 http://silcnet.org/general/news/?item=client_20080320_1 http://silcnet.org/general/news/?item=server_20080320_1 http://silcnet.org/general/news/?item=toolkit_20080320 • CWE-189: Numeric Errors •