PT-2019-12071 · Teeworlds+2 · Teeworlds+2

0N3M4Ns4Rmy

Published

2019-04-05

Updated

2019-08-24

CVE-2019-10878

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Teeworlds version 0.7.2

Description The issue is related to a failed bounds check in certain functions within the engine/shared/datafile.cpp file, specifically in CDataFileReader::GetData() and CDataFileReader::ReplaceData(), which can lead to an arbitrary free and out-of-bounds pointer write. This could potentially result in remote code execution.

Recommendations For Teeworlds version 0.7.2, consider applying a patch that fixes the bounds check issue in the affected functions, specifically CDataFileReader::GetData() and CDataFileReader::ReplaceData(), to prevent arbitrary free and out-of-bounds pointer write. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-1909

ALT-PU-2019-1934

CVE-2019-10878

OPENSUSE-SU-2019:1793-1

OPENSUSE-SU-2019:1999-1

OPENSUSE-SU-2019_1793-1

Affected Products

Alt Linux

Suse

Teeworlds

PT-2019-12071 · Teeworlds+2 · Teeworlds+2

CVE-2019-10878

Weakness Enumeration

Related Identifiers

Affected Products

References · 22