QwikSec

Security Database

CVE

CWE

Training

CVE-2008-1552

Published: Mar 31, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2008:008

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SREASON

http://silcnet.org/general/news/?item=server_20080320_1

x_refsource_CONFIRM

20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow

mailing-list

x_refsource_BUGTRAQ

http://silcnet.org/general/news/?item=toolkit_20080320_1

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

FEDORA-2008-2641

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://www.coresecurity.com/?action=item&id=2206

x_refsource_MISC

http://silcnet.org/general/news/?item=client_20080320_1

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

silc-silcpkcs1decode-bo(41474)

vdb-entry

x_refsource_XF

FEDORA-2008-2616

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.