Your submission was sent successfully! Close

CVE-2009-3051

Published: 10 September 2009

Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.

Priority

Low

Notes

AuthorNote
kees
silc-server and silc-client use silc-toolkit's system libraries
intrepid and later are protected by fortify-source

References