CVE-2008-7160

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.
Configurations

Configuration 1

cpe:2.3:a:silcnet:silc_toolkit:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:silcnet:silc_toolkit:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:silcnet:silc_toolkit:1.1:*:*:*:*:*:*:*
cpe:2.3:a:silcnet:silc_toolkit:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:silcnet:silc_toolkit:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:silcnet:silc_toolkit:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:silcnet:silc_toolkit:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:silcnet:silc_toolkit:*:*:*:*:*:*:*:*

Information

Published : 2009-09-10 09:30

Updated : 2012-10-23 03:01


NVD link : CVE-2008-7160

Mitre link : CVE-2008-7160

Products Affected
CWE
CWE-134

Use of Externally-Controlled Format String