Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SILC客户端及服务器密钥协商远程整数溢出漏洞
Vulnerability Description
SILC(Secure Internet Live Conferencing)是安全的互联网会议讨论系统,可以发送任何类型的信息,包括多媒体信息,如视频、音频、图像等。 SILC处理畸形的数据交换时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 如果要初始连接到SILC服务器,对等端(客户端、路由器和服务器)之间要执行相互认证并执行密钥协商协议以获得之后用于加密通讯的共享密钥。对等端之间的加密数据是通过以PKCS#1 1.5标准编码的报文交换的。 SILC的PKCS1编码功能是在silcpkcs1.c文件
CVSS Information
N/A
Vulnerability Type
N/A