CVSS: 6.8EPSS: 13%CPEs: 6EXPL: 0CVE-2008-1552
https://notcve.org/view.php?id=CVE-2008-1552
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. La función silc_pkcs1_decode de la librería silccrypt (silcpkcs1.c) en Secure Internet Live Conferencing (SILC) Toolkit antes de 1.1.7, SILC Client antes de 1.1.4 y SILC Server antes de 1.1.2 permite a atacantes remotos ejecutar código de su elección a través de un mensaje PKCS#1 manipulado, lo que dispara un desbordamiento inferior de entero, un error de signo y un desbordamiento de búfer. NOTA: el investigador lo describe como un desbordamiento de entero, pero CVE utiliza el término "desbordamiento inferior" en casos de estrechamiento de resta sin signo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29463 http://secunia.com/advisories/29465 http://secunia.com/advisories/29622 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://securityreason.com/securityalert/3795 http://silcnet.org/general/news/?item=client_20080320_1 http://silcnet.org/general/news/?item=server_20080320_1 http://silcnet.org/general/news/?item=toolkit_20080320 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 0CVE-2008-1429
https://notcve.org/view.php?id=CVE-2008-1429
Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname. Secure Internet Live Conferencing (SILC) Server versiones anteriores a 1.1.1 permite a atacantes remotos provocar una denegación de servicio (final erróneo del demonio) al utilizar un paquete NEW_CLIENT sin incluir un apodo. • http://secunia.com/advisories/29459 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://silcnet.org/docs/release/SILC%20Server%201.1.1 http://www.securityfocus.com/bid/28450 http://www.securitytracker.com/id?1019711 http://www.vupen.com/english/advisories/2008/0919/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41307 •
CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 1CVE-2007-1327 – Silc Server 1.0.2 - New Channel Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1327
The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm. La función SILC_SERVER_CMD_FUNC de apps/silcd/command.c de silc-server 1.0.2 permite a atacantes remotos provocar una denegación de servicio (referencia a NULL y caída de demonio) mediante una petición sin algoritmo de cifrado y un algoritmo inválido HMAC. • https://www.exploit-db.com/exploits/29716 http://marc.info/?l=full-disclosure&m=117320823618036&w=2 http://osvdb.org/33887 http://secunia.com/advisories/24426 http://secunia.com/advisories/24431 http://security.gentoo.org/glsa/glsa-200703-12.xml http://www.securityfocus.com/bid/22846 https://exchange.xforce.ibmcloud.com/vulnerabilities/32846 • CWE-476: NULL Pointer Dereference •