Home > Vulnerability Database > CVE-2008-1552

Mend.io Vulnerability Database

CVE-2008-1552

Date: March 31, 2008

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

Severity Score

5.6

Related Resources (21)

Url: http://silcnet.org/general/news/?item=toolkit_20080320_1

Url: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html

Url: http://secunia.com/advisories/29463

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-1552

Url: http://www.securityfocus.com/archive/1/490069/100/0/threaded

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/41474

Url: http://silcnet.org/general/news/?item=client_20080320_1

Url: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:158

Url: http://www.coresecurity.com/?action=item&id=2206

Url: http://securityreason.com/securityalert/3795

Url: http://silcnet.org/general/news/?item=server_20080320_1

Url: http://www.vupen.com/english/advisories/2008/0974/references

Url: http://secunia.com/advisories/29946

Url: http://security.gentoo.org/glsa/glsa-200804-27.xml

Url: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

Url: http://www.securitytracker.com/id?1019690

Url: http://secunia.com/advisories/29465

Url: http://www.securityfocus.com/bid/28373

Url: http://secunia.com/advisories/29622

Url: https://www.mend.io/vulnerability-database/CVE-2008-1552

Severity Score

5.6

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-1552

Date: March 31, 2008

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?