Godot · Godot Engine · CVE-2018-1000224
**Name of the Vulnerable Software and Affected Versions**
Godot Engine versions prior to 2.1.5
Godot Engine versions 3.0 prior to 3.0.6
**Description**
The issue involves signed/unsigned comparison, incorrect buffer size checks, integer overflow, and missing padding initialization in the (de)serialization functions. It can result in a Denial of Service (DoS) and a possible leak of uninitialized memory. The attack can be triggered by a malformed packet received over the network by a Godot application that uses the built-in serialization, such as a game server or game client, potentially sent by a multiplayer opponent.
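The bug classes named above, shown on a length-prefixed string field as an added example. This is not Godot's code: the wire format and the functions `rd_u32le`, `weak_accepts`, `decode_str` and `encode_str` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed wire format (an assumption, not Godot's): u32 little-endian
 * length, the bytes, then zero padding up to a 4-byte boundary. */
static uint32_t rd_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed check: the length is handled as signed, so 0xFFFFFFFF becomes -1
 * and passes "len <= avail - 4". Returns 1 if the field would be accepted. */
int weak_accepts(const uint8_t *buf, int avail) {
    if (avail < 4) return 0;
    int32_t len = (int32_t)rd_u32le(buf);
    return len <= avail - 4;
}

/* Hardened decode: unsigned values only, subtraction instead of addition so
 * nothing can wrap, and padding is accounted for before any byte is copied.
 * Returns bytes consumed, or -1 on a malformed field. */
long decode_str(const uint8_t *buf, size_t avail, char *out, size_t out_cap) {
    if (avail < 4) return -1;
    uint32_t len = rd_u32le(buf);
    size_t room = avail - 4;                 /* bytes left after the header */
    if (len > room) return -1;               /* length exceeds the packet */
    size_t pad = (4 - (len & 3)) & 3;
    if (pad > room - len) return -1;         /* padding must be present too */
    if (out_cap == 0 || len > out_cap - 1) return -1;
    memcpy(out, buf + 4, len);
    out[len] = '\0';
    return (long)(4 + len + pad);
}

/* Encoder: padding bytes are written explicitly so stale memory from the
 * send buffer never reaches the wire. Returns bytes written, or -1. */
long encode_str(const char *s, uint8_t *buf, size_t cap) {
    size_t len = strlen(s);
    size_t pad = (4 - (len & 3)) & 3;
    if (len > UINT32_MAX || cap < 4) return -1;
    if (len > cap - 4 || pad > cap - 4 - len) return -1;
    for (int i = 0; i < 4; i++) buf[i] = (uint8_t)(len >> (8 * i));
    memcpy(buf + 4, s, len);
    memset(buf + 4 + len, 0, pad);           /* initialize the padding */
    return (long)(4 + len + pad);
}
```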
**Recommendations**
For Godot Engine versions prior to 2.1.5, update to version 2.1.5 or later.
For Godot Engine versions 3.0 prior to 3.0.6, update to version 3.0.6 or later.