CVE-2008-1552 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-1552 Interim 1 5 2023-12-09T02:10:16Z current 2021-05-30T12:42:16Z 2023-12-09T02:10:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-1552 The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4353PN22NXNRNJZJ5HOUYIYMWYSY4HPL/#4353PN22NXNRNJZJ5HOUYIYMWYSY4HPL E-Mail link for SUSE-SR:2008:008 https://www.suse.com/support/security/rating/ SUSE Security Ratings The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. CVE-2008-1552 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P