CVE-2009-2549

Name of the Vulnerable Software and Affected Versions Armed Assault versions 1.14 and earlier Armed Assault version 1.16 beta Armed Assault II versions 1.02 and earlier

Description The issue allows remote attackers to cause a denial of service. This can be achieved via a join packet with a final field whose value is either 0, which triggers a server crash related to memory allocation, or 1, which triggers CPU/memory consumption and a NULL pointer dereference.

Recommendations For Armed Assault versions 1.14 and earlier, update to a version later than 1.14 to resolve the issue. For Armed Assault version 1.16 beta, avoid using this version until a stable release is available that addresses the issue. For Armed Assault II versions 1.02 and earlier, update to a version later than 1.02 to resolve the issue. As a temporary workaround, consider restricting access to the join packet functionality to minimize the risk of exploitation.