Back to search
CVE-2006-1194
Published: Mar 13, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20060312 Multiple vulnerabilities in ENet library (Jul 2005)
mailing-list
x_refsource_FULLDISC
20060312 Multiple vulnerabilities in ENet library (Jul 2005)
mailing-list
x_refsource_BUGTRAQ
1015767
vdb-entry
x_refsource_SECTRACK
17087
vdb-entry
x_refsource_BID
23844
vdb-entry
x_refsource_OSVDB
enet-signedness-dos(25157)
vdb-entry
x_refsource_XF
19208
third-party-advisory
x_refsource_SECUNIA
ADV-2006-0940
vdb-entry
x_refsource_VUPEN
http://aluigi.altervista.org/adv/enetx-adv.txt
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now