VDB
CVE-2009-3163
CVE-2009-3163
PUBLISHED
CVSS 7.5 HIGH
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.
EPSS 4.87% · 89.8th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
4.87%
89.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| silcnet | silc_client | 0, 1.1.3, 1.1.4 |
| silcnet | silc_toolkit | 0, 1.1.1, 1.1.2 |
Timeline
- Sep 10, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 2, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 36193 vdb
- [oss-security] 20090831 CVE id request: silc-toolkit mailing-list
- http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10 url
- 36614 third-party-advisory
- MDVSA-2009:235 vendor-advisory
- [oss-security] 20090903 Re: CVE id request: silc-toolkit mailing-list
- DSA-1879 vendor-advisory
- http://silcnet.org/general/news/news_toolkit.php url
- MDVSA-2009:234 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-3163 advisory