CVE-2006-1194
CVE-2006-1194
Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/27420unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://aluigi.altervista.org/adv/enetx-adv.txthttp://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.htmlhttp://secunia.com/advisories/19208http://securitytracker.com/id?1015767https://exchange.xforce.ibmcloud.com/vulnerabilities/25157http://www.osvdb.org/23844http://www.securityfocus.com/archive/1/427465/100/0/threadedhttp://www.securityfocus.com/bid/17087http://www.vupen.com/english/advisories/2006/0940