cpe:/a:silcnet:silc_toolkit:1.1 cpe:/a:silcnet:silc_toolkit:1.1.1 cpe:/a:silcnet:silc_toolkit:1.1.2 cpe:/a:silcnet:silc_toolkit:1.1.3 cpe:/a:silcnet:silc_toolkit:1.1.4 cpe:/a:silcnet:silc_toolkit:1.1.5 cpe:/a:silcnet:silc_toolkit:1.1.6 cpe:/a:silcnet:silc_toolkit:1.1.8 CVE-2008-7160 2009-09-10T17:30:01.017-04:00 2012-10-22T23:01:25.193-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2009-09-11T09:49:00.000-04:00 BID 36194 SECUNIA 36614 SECUNIA 36625 DEBIAN DSA-1879 MANDRIVA MDVSA-2009:234 SUSE SUSE-SR:2009:016 MLIST [oss-security] 20090831 CVE id request: silc-toolkit MLIST [oss-security] 20090903 Re: CVE id request: silc-toolkit CONFIRM http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9 CONFIRM http://silcnet.org/general/news/news_toolkit.php The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.