CVE-2008-1552
Published Mar 31, 2008
Last updated 6 years ago
Overview
- Description
- The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-189
Vendor comments
- Red HatRed Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=440049
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17399447-A537-43ED-8F3B-34A6B3775F91",
"versionEndIncluding": "1.1.3"
},
{
"criteria": "cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C79529C3-3305-4C9F-81B9-6A230CEC864B",
"versionEndIncluding": "1.1.2"
},
{
"criteria": "cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29C8F2A5-C309-4BAB-B292-B95BE9BD335B",
"versionEndIncluding": "1.1.6"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A"
},
{
"criteria": "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C8E8256F-3FB6-45B2-8F03-02A61C10FAF0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A363089A-8328-48B1-9609-36A635EC4A46"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]