Buffer Overflow in Iconfidant SSL Server by Icon Labs
CVE-2011-0651

Currently unrated

Key Information:

Vendor: Icon-labs

CVE Published: 28 January 2011

What is CVE-2011-0651?

A buffer overflow vulnerability exists in the key exchange functionality of Iconfidant SSL Server prior to version 1.3.0. A remote attacker can trigger it by sending a specially crafted client master key packet in which the sum of unspecified length fields exceeds a certain value, which can lead to arbitrary code execution. Successful exploitation can compromise system integrity and confidentiality, so users of the affected software should apply the necessary updates.

EPSS Score

13% chance of being exploited in the next 30 days.
