PT-2006-6857 · Neo · Neoengine

Luigi Auriemma

Published

2006-12-02

Updated

2017-07-29

CVE-2006-6227

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions NeoEngine versions 0.8.2 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in an engine crash. This is achieved by sending a message with a large uiMessageLength that leads to a failed memory allocation and a null pointer dereference in the Core::Receive function.

Recommendations For NeoEngine versions 0.8.2 and earlier, consider disabling the Core::Receive function as a temporary workaround until a patch is available. Restrict access to the neonet/core.cpp module to minimize the risk of exploitation. Avoid using large uiMessageLength values in messages to prevent failed memory allocations and null pointer dereferences.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6227

Affected Products

Neoengine

PT-2006-6857 · Neo · Neoengine

CVE-2006-6227

Related Identifiers

Affected Products

References · 6