PT-2019-12071 · Teeworlds+2 · Teeworlds+2

0N3M4Ns4Rmy

Publicado

2019-04-05

Atualizado

2019-08-24

CVE-2019-10878

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Teeworlds version 0.7.2

Description The issue is related to a failed bounds check in certain functions within the engine/shared/datafile.cpp file, specifically in CDataFileReader::GetData() and CDataFileReader::ReplaceData(), which can lead to an arbitrary free and out-of-bounds pointer write. This could potentially result in remote code execution.

Recommendations For Teeworlds version 0.7.2, consider applying a patch that fixes the bounds check issue in the affected functions, specifically CDataFileReader::GetData() and CDataFileReader::ReplaceData(), to prevent arbitrary free and out-of-bounds pointer write. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2019-1909

ALT-PU-2019-1934

CVE-2019-10878

OPENSUSE-SU-2019:1793-1

OPENSUSE-SU-2019:1999-1

OPENSUSE-SU-2019_1793-1

Produtos afetados

Alt Linux

Suse

Teeworlds

PT-2019-12071 · Teeworlds+2 · Teeworlds+2

CVE-2019-10878

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 22