CVE-2006-1275

Name of the Vulnerable Software and Affected Versions GGZ Gaming Zone version 0.0.12

Description The issue allows remote attackers to cause a denial of service, specifically a client disconnect, by providing malformed XML inputs. This can be achieved through several methods, including adding a trailing apostrophe character on the ID attribute in a PLAYER XML tag, joining with a long ID attribute or non-trailing apostrophe characters which results in a name being assigned and then disconnecting, or sending a long CDATA message attribute that prevents closing tags from being added to the string.

Recommendations For GGZ Gaming Zone version 0.0.12, as a temporary workaround, consider validating and sanitizing all XML inputs to prevent malformed data from being processed, and restrict the length of ID attributes and CDATA message attributes to prevent excessive data from being sent.