CVE-2007-3728 - Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allow

CVE-2007-3728

Summary

Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.

References

Vulnerable Configurations

cpe:2.3:a:silc:silc_client:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_client:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_toolkit:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_toolkit:1.1.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	24795
confirm	http://silcnet.org/docs/changelog/changes.txt http://www.silcnet.org/docs/release/SILC%20Toolkit%201.1.2
osvdb	36730
secunia	25939
vupen	ADV-2007-2454
xf	silc-clienttoolkit-nickchange-bo(35281)

statements via4

contributor	Mark J Cox
lastmodified	2007-07-17
organization	Red Hat
statement	Not vulnerable. libsilc was not shipped with Enterprise Linux 2.1 or 3. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5.

Last major update

29-07-2017 - 01:32

Published

12-07-2007 - 17:30

Last modified

29-07-2017 - 01:32