PT-2006-2411 · Id · Csdoom

Nightfang

Published

2006-03-28

Updated

2017-07-20

CVE-2006-1402

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions csDoom versions 0.7 and earlier

Description The issue allows remote attackers to cause a denial of service or execute arbitrary code. This can be achieved by sending a long nickname or teamname to the SV SetupUserInfo function, or by sending a long string when joining a match or a long chat message to the SV BroadcastPrintf function.

Recommendations For csDoom versions 0.7 and earlier, consider restricting the length of nicknames, teamnames, and chat messages to prevent exploitation until a fix is available. As a temporary workaround, consider disabling the SV SetupUserInfo and SV BroadcastPrintf functions until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1402

Affected Products

Csdoom

PT-2006-2411 · Id · Csdoom

CVE-2006-1402

Related Identifiers

Affected Products

References · 8