VDB

CVE-2009-3163

CVE-2009-3163 PUBLISHED CVSS 7.5 HIGH

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.

EPSS 4.87% · 89.8th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
4.87%
89.8th percentile

Affected Products

VendorProductVersions
n/an/an/a
silcnetsilc_client0, 1.1.3, 1.1.4
silcnetsilc_toolkit0, 1.1.1, 1.1.2

Timeline

  • Sep 10, 2009 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 2, 2022 CVE Updated
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›