CVE-2008-6704

Name of the Vulnerable Software and Affected Versions S.T.A.L.K.E.R.: Shadow of Chernobyl versions 1.0006 and earlier

Description The issue is caused by an integer overflow in the NET Compressor::Decompress function, allowing remote attackers to cause a denial of service (server crash) via a crafted packet. This packet contains a 0xc1 value with no compressed data, triggering a copy of a large amount of memory.

Recommendations For S.T.A.L.K.E.R.: Shadow of Chernobyl versions 1.0006 and earlier, consider disabling the NET Compressor::Decompress function as a temporary workaround until a patch is available. Restrict access to the NET Compressor module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.