- Description
- Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2976C62F-7634-4C5B-8FF6-DF7695E7D072",
"versionEndIncluding": "1.1.5"
},
{
"criteria": "cpe:2.3:a:silc:silc_toolkit:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63D881BA-F3E0-4405-B1B8-67711A33BA4B"
},
{
"criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16798C55-A677-49EE-9B56-7EDE37B3C677"
},
{
"criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D81CC5DC-ACBD-4B9C-9F2C-0179679CE344"
},
{
"criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "850BFE54-530E-42D9-AF68-69D17AE52A52"
},
{
"criteria": "cpe:2.3:a:silc:silc_toolkit:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEB51D8F-1F16-44DB-9CA0-163F66240349"
}
],
"operator": "OR"
}
]
}
]