PT-2007-6957 · Rigs Of Rods Team · Rigs Of Rods
Published: 2007-11-20 · Updated: 2024-02-14
CVE-2007-6041
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Rigs of Rods (RoR) versions prior to 0.33d SP1
Description
A buffer overflow in the Sequencer::queueMessage function can be triggered by sending a nickname and then a vehicle name in a MSG2 USE VEHICLE message whose combined length overflows the buffer. This can lead to a denial of service (daemon crash) and potentially allow the execution of arbitrary code.
Recommendations
Update versions prior to 0.33d SP1 to version 0.33d SP1 or later to resolve the issue. As a temporary workaround until a patch is applied, consider restricting the length of nicknames and vehicle names in MSG2 USE VEHICLE messages so that their combined length cannot overflow the buffer.
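The length restriction described above, sketched as an added example (not code from Rigs of Rods or from this advisory): each field is capped and their combined length is checked before anything is copied. The function name, the size limits and the message text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits for illustration; the server's real buffer size is not given here. */
#define MSG_BUF_SIZE    128
#define MAX_NICK_LEN    20
#define MAX_VEHICLE_LEN 60

static const char SEP[] = " is now using ";  /* constructed message text */

/* Length of a network-supplied field: fails if there is no NUL within
   `avail` bytes or if the string is longer than `cap`. */
static int field_len(const char *s, size_t avail, size_t cap, size_t *out)
{
    const char *end = memchr(s, '\0', avail);
    if (end == NULL || (size_t)(end - s) > cap)
        return -1;
    *out = (size_t)(end - s);
    return 0;
}

/* Hypothetical helper: builds "<nick> is now using <vehicle>" in dst.
   Returns the text length, or -1 when a field is invalid or the
   combined length (plus NUL) would not fit in dst. */
int format_use_vehicle(char *dst, size_t dst_size,
                       const char *nick, size_t nick_avail,
                       const char *vehicle, size_t vehicle_avail)
{
    size_t nlen, vlen, seplen = sizeof SEP - 1;

    if (field_len(nick, nick_avail, MAX_NICK_LEN, &nlen) != 0 ||
        field_len(vehicle, vehicle_avail, MAX_VEHICLE_LEN, &vlen) != 0)
        return -1;
    if (nlen + seplen + vlen + 1 > dst_size)   /* check the sum, not each part */
        return -1;

    memcpy(dst, nick, nlen);
    memcpy(dst + nlen, SEP, seplen);
    memcpy(dst + nlen + seplen, vehicle, vlen + 1);  /* includes the NUL */
    return (int)(nlen + seplen + vlen);
}

int main(void)
{
    char buf[MSG_BUF_SIZE];
    int n = format_use_vehicle(buf, sizeof buf, "alice", 6, "semi.truck", 11);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : buf);
    return 0;
}
```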
Exploit
Fix
Buffer Overflow
Affected Products
Rigs Of Rods