Strix
26.1K

CVE-2009-3163

UnknownEPSS 4.53%

Last modified

CVE-2009-3163 is a vulnerability of currently unknown severity. Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.. EPSS estimates a 4.53% chance of exploitation in the next 30 days.

Description

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.

Metrics

EPSS Probability
4.53%

90.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SilcnetSilc Client<= 1.1.8
SilcnetSilc Client1.1.1
SilcnetSilc Client1.1.2
SilcnetSilc Client1.1.3
SilcnetSilc Client1.1.4
SilcnetSilc Client1.1.6
SilcnetSilc Client1.1.7
SilcnetSilc Toolkit<= 1.1.9
SilcnetSilc Toolkit1.1
SilcnetSilc Toolkit1.1.1
SilcnetSilc Toolkit1.1.2
SilcnetSilc Toolkit1.1.3
SilcnetSilc Toolkit1.1.4
SilcnetSilc Toolkit1.1.5
SilcnetSilc Toolkit1.1.6
SilcnetSilc Toolkit1.1.8

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-3163?
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.
How severe is CVE-2009-3163?
Severity scoring for CVE-2009-3163 is pending analysis. The EPSS model estimates a 4.53% probability of exploitation in the next 30 days.
How do I fix CVE-2009-3163?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3163?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST