CVE-2008-6737

EPSS 2.7%

Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/31918unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://aluigi.altervista.org/adv/crysislog-adv.txt http://osvdb.org/46260 http://secunia.com/advisories/30706 https://exchange.xforce.ibmcloud.com/vulnerabilities/43087 http://www.securityfocus.com/bid/29720