Rated as: High Risk
Remotely Exploitable: Yes
Locally Exploitable: Yes
Release Date: 2008-03-25
A vulnerability has been identified in SILC Toolkit and SILC Client that remote attackers could exploit to cause a denial of service or compromise a vulnerable system. The issue is a buffer overflow in the "silc_pkcs1_decode()" function [silcpkcs1.c] that occurs when decoding certain PKCS#1 messages; a specially crafted signature could crash an affected application or lead to arbitrary code execution.
Vulnerability reported by Ariel Waissbein, Pedro Varangot, Martin Mizrahi, Oren Isacson, Carlos Garcia and Ivan Arce (Core Security Technologies).
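
The advisory gives no further detail on the flaw, so the following is an added illustration, not SILC's code or the reporters' analysis: a bounds-checked PKCS#1 v1.5 block decoder in C showing the length checks a function like silc_pkcs1_decode() has to make before copying the payload. The names pkcs1_decode_checked and try_decode and the sample blocks are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not SILC's API. Decodes 00 || BT || PS || 00 || data.
   Returns 0 on success, -1 on any malformed or oversized input. */
int pkcs1_decode_checked(unsigned char bt, const unsigned char *em, size_t em_len,
                         unsigned char *out, size_t out_size, size_t *out_len)
{
    size_t i, n;
    /* Smallest valid block: 00, BT, 8 padding bytes, 00 separator. */
    if (!em || !out || !out_len || em_len < 11)
        return -1;
    if ((bt != 0x01 && bt != 0x02) || em[0] != 0x00 || em[1] != bt)
        return -1;

    /* Walk the padding without ever reading past em_len. */
    for (i = 2; i < em_len && em[i] != 0x00; i++)
        if (bt == 0x01 && em[i] != 0xFF)
            return -1;   /* signature blocks pad with 0xFF only */

    /* Separator must exist and padding must be at least 8 bytes. */
    if (i == em_len || i < 10)
        return -1;
    i++;                 /* step over the 00 separator */

    /* i <= em_len here, so the subtraction cannot wrap. */
    n = em_len - i;
    if (n > out_size)    /* input-controlled length vs. fixed buffer */
        return -1;
    memcpy(out, em + i, n);
    *out_len = n;
    return 0;
}

/* Constructed sample blocks (not captured traffic). */
const unsigned char ok_block[]  = {0, 1, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0, 'h', 'i'};
const unsigned char short_pad[] = {0, 1, 0xFF, 0xFF, 0, 'A', 'A', 'A', 'A', 'A', 'A', 'A'};
const unsigned char no_sep[]    = {0, 1, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};

/* Decode a signature block into an out_size-byte buffer; payload length or -1. */
int try_decode(const unsigned char *em, size_t em_len, size_t out_size)
{
    unsigned char out[64];
    size_t n = 0;
    if (out_size > sizeof(out) ||
        pkcs1_decode_checked(0x01, em, em_len, out, out_size, &n) != 0)
        return -1;
    return (int)n;
}
```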