CVSS: 6.8EPSS: 13%CPEs: 6EXPL: 0CVE-2008-1552
https://notcve.org/view.php?id=CVE-2008-1552
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. La función silc_pkcs1_decode de la librería silccrypt (silcpkcs1.c) en Secure Internet Live Conferencing (SILC) Toolkit antes de 1.1.7, SILC Client antes de 1.1.4 y SILC Server antes de 1.1.2 permite a atacantes remotos ejecutar código de su elección a través de un mensaje PKCS#1 manipulado, lo que dispara un desbordamiento inferior de entero, un error de signo y un desbordamiento de búfer. NOTA: el investigador lo describe como un desbordamiento de entero, pero CVE utiliza el término "desbordamiento inferior" en casos de estrechamiento de resta sin signo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29463 http://secunia.com/advisories/29465 http://secunia.com/advisories/29622 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://securityreason.com/securityalert/3795 http://silcnet.org/general/news/?item=client_20080320_1 http://silcnet.org/general/news/?item=server_20080320_1 http://silcnet.org/general/news/?item=toolkit_20080320 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 16%CPEs: 6EXPL: 0CVE-2008-1227
https://notcve.org/view.php?id=CVE-2008-1227
Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en la función silc_fingerprint en lib/silcutil/silcutil.c de Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, y versiones anteriores no especificadas, permite a atacantes remotos causar una denegación de servicio (caída) o la posibilidad de ejecutar código de su elección a través de datos de entrada largos. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/29174 http://secunia.com/advisories/29323 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.6 http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 http://www.securityfocus.com/bid/28101 http://www.vupen.com/english/advisories/2008/0769 https://bugzilla.redhat.com/show_bug& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0CVE-2007-3728
https://notcve.org/view.php?id=CVE-2007-3728
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications. Desbordamiento de búfer lib/silcclient/client_notify.c de SILC Client y SILC Toolkit anterior a 1.1.2 permite a atacantes remotos provocar una denegación de servicio mediante notificaciones "NICK_CHANGE" (cambio de apodo). • http://osvdb.org/36730 http://secunia.com/advisories/25939 http://silcnet.org/docs/changelog/changes.txt http://www.securityfocus.com/bid/24795 http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2 http://www.vupen.com/english/advisories/2007/2454 https://exchange.xforce.ibmcloud.com/vulnerabilities/35281 •