CVE-2006-3393

Name of the Vulnerable Software and Affected Versions Papyrus NASCAR Racing 4 versions 4.1.3.1.6 and earlier Papyrus NASCAR Racing 2002 Season version 1.1.0.2 and earlier Papyrus NASCAR Racing 2003 Season version 1.2.0.1 and earlier

Description The issue allows remote attackers to cause a denial of service by consuming CPU resources. This is achieved by sending an empty UDP datagram, which is not properly handled due to the use of the FIONREAD asynchronous socket.

Recommendations For Papyrus NASCAR Racing 4 versions 4.1.3.1.6 and earlier, consider restricting access to the UDP endpoint to minimize the risk of exploitation. For Papyrus NASCAR Racing 2002 Season version 1.1.0.2 and earlier, avoid using the FIONREAD asynchronous socket until the issue is resolved. For Papyrus NASCAR Racing 2003 Season version 1.2.0.1 and earlier, as a temporary workaround, consider disabling the reception of empty UDP datagrams until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.