oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: silc

From: Lubomir Kundrak <lkundrak () redhat com>
Date: Fri, 28 Mar 2008 13:40:21 +0100

On Fri, 2008-03-28 at 13:36 +0100, Ludwig Nussel wrote:

Hi,

This report about a buffer overflow in SILC was posted to bugtraq
recently and doesn't seem to have a CVE number yet:
http://www.coresecurity.com/?action=item&id=2206


By the way core security is wrong there. This can not be exploited into
arbitrary code execution, as it will crash on memcpy called with very
large (underflown negative) size argument.

-- 
Lubomir Kundrak (Red Hat Security Response Team)
Previous By Date Next
Previous By Thread Next

Current thread: