Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-1552
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-31 Mar, 2008 | 17:44
Updated At-11 Oct, 2018 | 20:35

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
silc
silc
>>silc_client>>Versions up to 1.1.3(inclusive)
cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*
silc
silc
>>silc_server>>Versions up to 1.1.2(inclusive)
cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*
silc
silc
>>silc_toolkit>>Versions up to 1.1.6(inclusive)
cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>fedora>>7
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>fedora>>8
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
silc
silc
>>silc>>*
cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-04-23T00:00:00

Red Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=440049

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.htmlcve@mitre.org
N/A
http://secunia.com/advisories/29463cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29465cve@mitre.org
N/A
http://secunia.com/advisories/29622cve@mitre.org
N/A
http://secunia.com/advisories/29946cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200804-27.xmlcve@mitre.org
N/A
http://securityreason.com/securityalert/3795cve@mitre.org
N/A
http://silcnet.org/general/news/?item=client_20080320_1cve@mitre.org
Patch
http://silcnet.org/general/news/?item=server_20080320_1cve@mitre.org
Patch
http://silcnet.org/general/news/?item=toolkit_20080320_1cve@mitre.org
Patch
http://www.coresecurity.com/?action=item&id=2206cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:158cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/490069/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/28373cve@mitre.org
Patch
http://www.securitytracker.com/id?1019690cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/0974/referencescve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/41474cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.htmlcve@mitre.org
N/A
Change History
0Changes found
Details not found