The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| opensuse | backports | sle-15 |
| chocolate-doom | crispy_doom | 5.8.0 |
| chocolate-doom | chocolate_doom | 3.0.0 |