VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Sep 10, 2009· Updated Apr 23, 2026

CVE-2009-3163

CVE-2009-3163

Description

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users.

Affected products

16
  • Silcnet/Silc Client7 versions
    cpe:2.3:a:silcnet:silc_client:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:silcnet:silc_client:*:*:*:*:*:*:*:*range: <=1.1.8
    • cpe:2.3:a:silcnet:silc_client:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_client:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_client:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_client:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_client:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_client:1.1.7:*:*:*:*:*:*:*
  • Silcnet/Silc Toolkit9 versions
    cpe:2.3:a:silcnet:silc_toolkit:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:silcnet:silc_toolkit:*:*:*:*:*:*:*:*range: <=1.1.9
    • cpe:2.3:a:silcnet:silc_toolkit:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_toolkit:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_toolkit:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_toolkit:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_toolkit:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_toolkit:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_toolkit:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:silcnet:silc_toolkit:1.1.8:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.