CVE-2009-3051
Published Sep 10, 2009
Last updated 12 years ago
Overview
- Description
- Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-134
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4, or 5.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silcnet:silc_client:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "818C2A1A-90A7-4B9C-8A41-F99B641C679E",
"versionEndIncluding": "1.1.7"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_client:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69F3F92C-7A47-4F14-BB23-74902AACB8E8"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_client:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0F083A8-E3BD-4434-9F55-93E7D5B8F735"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_client:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7036B3C2-0D64-474E-81CF-2013F2F20AF8"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_client:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3471C30-9633-4A9D-A445-8B286C1294E9"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_client:1.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75B46F7C-353D-41C7-8F39-7BE3FC2C83EA"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F1B96DE-36B1-484B-87FC-6156D8B65F75",
"versionEndIncluding": "1.1.9"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C06811A1-DF33-4EC9-A2EE-49CE2F4A4EC2"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FE803FA-43C9-4565-A1B6-6890A2275A6B"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9754DA96-8464-412C-8337-51F8DE9884B5"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4BC8115-1A4B-4CFD-9431-3C2A231D0237"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "262AEDC5-8FB8-4D15-AC4D-906110718D07"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F422F232-FDA3-4FB4-AD84-2641EF0A0134"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "301B0871-8F41-483F-B457-488A89428975"
},
{
"criteria": "cpe:2.3:a:silcnet:silc_toolkit:1.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B207531-E87A-49F4-8D49-BF7BB9F791DF"
}
],
"operator": "OR"
}
]
}
]