CVE-2008-3286

Name of the Vulnerable Software and Affected Versions: SWAT 4 versions 1.1 and earlier

Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved through specific commands sent to the server before user session initialization, including VERIFYCONTENT or GAMECONFIG commands, which trigger a NULL pointer dereference. Additionally, a GAMESPYRESPONSE command followed by a long RS string can also cause the crash.

Recommendations: For SWAT 4 versions 1.1 and earlier, as a temporary workaround, consider restricting access to the VERIFYCONTENT and GAMECONFIG commands until a patch is available. Also, limit the length of RS strings in GAMESPYRESPONSE commands to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.