PT-2019-11963 · Robocode · Robocode

Published: 2019-03-30 · Updated: 2025-12-22 · CVE-2019-10648

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Robocode versions prior to 1.9.3.6

Description

The issue allows remote attackers to cause external service interaction, specifically DNS queries, by leveraging an openStream call on java.net.URL. This can be demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone.

Recommendations

Update Robocode to version 1.9.3.6 or later to resolve the issue.

Fix

Missing Authorization

RCE

Weakness Enumeration

Related Identifiers

CVE-2019-10648
GHSA-Q2XP-75M7-GV52

Affected Products

Robocode