CVE-2006-1194

Name of the Vulnerable Software and Affected Versions ENet library version Jul 2005 and earlier

Description The issue is related to an integer signedness error in the enet protocol handle incoming commands function. This error can be exploited by remote attackers who send a packet with a large command length value, leading to an invalid memory access and causing the application to crash. The affected products include Cube, Sauerbraten, and Duke3d w32.

Recommendations For ENet library version Jul 2005 and earlier, consider applying a patch or fix to correct the integer signedness error in the enet protocol handle incoming commands function to prevent remote attackers from causing a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.