CVE-2011-0651

UNKNOWN

Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1

Published Jan 28, 2011

Modified 1 years ago

No fix available

Details

Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value.

References

WEBhttp://osvdb.org/70599 ADVISORYhttp://secunia.com/advisories/42971 WEBhttp://www.securityfocus.com/bid/45938 WEBhttp://www.zerodayinitiative.com/advisories/ZDI-11-021/WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64868 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2011-0651

CVSS Analysis

CVSS v2.0

7.5

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedJan 28, 2011

ModifiedAug 6, 2024