5 results (0.012 seconds)

CVSS: 6.8EPSS: 13%CPEs: 6EXPL: 0

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. La función silc_pkcs1_decode de la librería silccrypt (silcpkcs1.c) en Secure Internet Live Conferencing (SILC) Toolkit antes de 1.1.7, SILC Client antes de 1.1.4 y SILC Server antes de 1.1.2 permite a atacantes remotos ejecutar código de su elección a través de un mensaje PKCS#1 manipulado, lo que dispara un desbordamiento inferior de entero, un error de signo y un desbordamiento de búfer. NOTA: el investigador lo describe como un desbordamiento de entero, pero CVE utiliza el término "desbordamiento inferior" en casos de estrechamiento de resta sin signo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29463 http://secunia.com/advisories/29465 http://secunia.com/advisories/29622 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://securityreason.com/securityalert/3795 http://silcnet.org/general/news/?item=client_20080320_1 http://silcnet.org/general/news/?item=server_20080320_1 http://silcnet.org/general/news/?item=toolkit_20080320 • CWE-189: Numeric Errors •

CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 0

Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname. Secure Internet Live Conferencing (SILC) Server versiones anteriores a 1.1.1 permite a atacantes remotos provocar una denegación de servicio (final erróneo del demonio) al utilizar un paquete NEW_CLIENT sin incluir un apodo. • http://secunia.com/advisories/29459 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://silcnet.org/docs/release/SILC%20Server%201.1.1 http://www.securityfocus.com/bid/28450 http://www.securitytracker.com/id?1019711 http://www.vupen.com/english/advisories/2008/0919/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41307 •

CVSS: 7.5EPSS: 16%CPEs: 6EXPL: 0

Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en la función silc_fingerprint en lib/silcutil/silcutil.c de Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, y versiones anteriores no especificadas, permite a atacantes remotos causar una denegación de servicio (caída) o la posibilidad de ejecutar código de su elección a través de datos de entrada largos. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/29174 http://secunia.com/advisories/29323 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6 http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 http://www.securityfocus.com/bid/28101 http://www.vupen.com/english/advisories/2008/0769 https://bugzilla.redhat.com/show_bug& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0

Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications. Desbordamiento de búfer lib/silcclient/client_notify.c de SILC Client y SILC Toolkit anterior a 1.1.2 permite a atacantes remotos provocar una denegación de servicio mediante notificaciones "NICK_CHANGE" (cambio de apodo). • http://osvdb.org/36730 http://secunia.com/advisories/25939 http://silcnet.org/docs/changelog/changes.txt http://www.securityfocus.com/bid/24795 http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2 http://www.vupen.com/english/advisories/2007/2454 https://exchange.xforce.ibmcloud.com/vulnerabilities/35281 •

CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 1

The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm. La función SILC_SERVER_CMD_FUNC de apps/silcd/command.c de silc-server 1.0.2 permite a atacantes remotos provocar una denegación de servicio (referencia a NULL y caída de demonio) mediante una petición sin algoritmo de cifrado y un algoritmo inválido HMAC. • https://www.exploit-db.com/exploits/29716 http://marc.info/?l=full-disclosure&m=117320823618036&w=2 http://osvdb.org/33887 http://secunia.com/advisories/24426 http://secunia.com/advisories/24431 http://security.gentoo.org/glsa/glsa-200703-12.xml http://www.securityfocus.com/bid/22846 https://exchange.xforce.ibmcloud.com/vulnerabilities/32846 • CWE-476: NULL Pointer Dereference •