CVE-2009-2547

Name of the Vulnerable Software and Affected Versions Armed Assault versions 1.14 and earlier Armed Assault version 1.16 beta Armed Assault II versions 1.02 and earlier

Description The issue is caused by an integer underflow that allows remote attackers to cause a denial of service, resulting in a crash. This is achieved by sending a VoIP over Network (VON) packet to port 2305 with a negative packet size value, which triggers a buffer over-read.

Recommendations For Armed Assault versions 1.14 and earlier, update to a version later than 1.14 to resolve the issue. For Armed Assault version 1.16 beta, avoid using the beta version until a stable release is available that addresses the issue. For Armed Assault II versions 1.02 and earlier, update to a version later than 1.02 to resolve the issue. As a temporary workaround, consider restricting access to port 2305 to minimize the risk of exploitation.