← back
CVE-2006-1593

CVE-2006-1593

EPSS 4.6%
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/27547unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://aluigi.altervista.org/adv/zdaebof-adv.txthttp://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044775.htmlhttp://secunia.com/advisories/19496http://secunia.com/advisories/19509http://securityreason.com/securityalert/662https://exchange.xforce.ibmcloud.com/vulnerabilities/25593http://www.securityfocus.com/archive/1/429521/100/0/threadedhttp://www.securityfocus.com/bid/17340http://www.vupen.com/english/advisories/2006/1198http://www.vupen.com/english/advisories/2006/1199