Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sauerbraten | sauerbraten | 2004-05-23 |
| sauerbraten | sauerbraten | 2006-02-28 |
| sauerbraten | sauerbraten | 2005-05-24 |
| sauerbraten | cube | 2005-08-09 |
| sauerbraten | sauerbraten | 2005-06-05 |
| sauerbraten | sauerbraten | 2004-11-02 |
| sauerbraten | sauerbraten | 2005-06-12 |
| sauerbraten | sauerbraten | 2004-05-08 |
| sauerbraten | sauerbraten | 2005-05-29 |
| sauerbraten | sauerbraten | 2006-01-31 |
| sauerbraten | sauerbraten | 2005-11-07 |
| sauerbraten | sauerbraten | initial_2004-02-27 |
| sauerbraten | sauerbraten | 2005-07-04 |
| sauerbraten | sauerbraten | 2006-02-27 |
| sauerbraten | sauerbraten | 2005-08-15 |
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sauerbraten | sauerbraten | 2006-02-28 |
| sauerbraten | cube | 2005-08-09 |
Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sauerbraten | sauerbraten | 2006-02-28 |
| sauerbraten | cube | 2005-08-09 |
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sauerbraten | sauerbraten | 2006-02-28 |
| sauerbraten | cube | 2005-08-09 |