CVE-2008-1552
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
Timeline
- 2008-03-31 CVE Reserved
- 2008-03-31 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-02 EPSS Updated
CWE
- CWE-189: Numeric Errors
References (19)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/29465 | Third Party Advisory | |
http://secunia.com/advisories/29622 | Third Party Advisory | |
http://secunia.com/advisories/29946 | Third Party Advisory | |
http://securityreason.com/securityalert/3795 | Third Party Advisory | |
http://www.coresecurity.com/?action=item&id=2206 | X_refsource_misc | |
http://www.securityfocus.com/archive/1/490069/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1019690 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/0974/references | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41474 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://silcnet.org/general/news/?item=client_20080320_1 | 2018-10-11 | |
http://silcnet.org/general/news/?item=server_20080320_1 | 2018-10-11 | |
http://silcnet.org/general/news/?item=toolkit_20080320_1 | 2018-10-11 | |
http://www.securityfocus.com/bid/28373 | 2018-10-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Silc | Silc | * | - | Affected | in | Redhat | Fedora | 7 | - | Safe |
Silc | Silc | * | - | Affected | in | Redhat | Fedora | 8 | - | Safe |
Silc | Silc Client | <= 1.1.3 | - | Affected | | | | | | |
Silc | Silc Server | <= 1.1.2 | - | Affected | | | | | | |
Silc | Silc Toolkit | <= 1.1.6 | - | Affected | | | | | | |