CVE-2006-3849

Name of the Vulnerable Software and Affected Versions Warzone 2100 versions 2.0.3 and earlier Warzone Resurrection versions 2.0.3 and earlier

Description The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved through a long message handled by the recvTextMessage function in multiplay.c or a long filename handled by NETrecvFile function in netplay/netplay.c.

Recommendations For Warzone 2100 versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue. For Warzone Resurrection versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue. As a temporary workaround, consider restricting the length of messages and filenames handled by the recvTextMessage and NETrecvFile functions until a patch is available.