CVE-2006-1402

Name of the Vulnerable Software and Affected Versions csDoom versions 0.7 and earlier

Description The issue allows remote attackers to cause a denial of service or execute arbitrary code. This can be achieved by sending a long nickname or teamname to the SV SetupUserInfo function, or by sending a long string when joining a match or a long chat message to the SV BroadcastPrintf function.

Recommendations For csDoom versions 0.7 and earlier, consider restricting the length of nicknames, teamnames, and chat messages to prevent exploitation until a fix is available. As a temporary workaround, consider disabling the SV SetupUserInfo and SV BroadcastPrintf functions until a patch is available.