Nightfang

**Name of the Vulnerable Software and Affected Versions** csDoom versions 0.7 and earlier **Description** The issue allows remote attackers to cause a denial of service or execute arbitrary code. This can be achieved by sending a long nickname or teamname to the `SV SetupUserInfo` function, or by sending a long string when joining a match or a long chat message to the `SV BroadcastPrintf` function. **Recommendations** For csDoom versions 0.7 and earlier, consider restricting the length of nicknames, teamnames, and chat messages to prevent exploitation until a fix is available. As a temporary workaround, consider disabling the `SV SetupUserInfo` and `SV BroadcastPrintf` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** csDoom versions 0.7 and earlier **Description** The issue is related to a format string vulnerability in the PrintString function. This vulnerability allows remote attackers to cause a denial of service and possibly execute arbitrary commands via format string specifiers in strings passed to the console. **Recommendations** For csDoom versions 0.7 and earlier, consider disabling the PrintString function in c console.cpp as a temporary workaround until a patch is available. Restrict access to the console to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.