QwikSec

Security Database

CVE

CWE

Training

CVE-2007-4642

Published: Aug 31, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

third-party-advisory

x_refsource_SECUNIA

doomsday-dnetplayerevent-bo(36332)

vdb-entry

x_refsource_XF

http://aluigi.altervista.org/adv/dumsdei-adv.txt

x_refsource_MISC

http://bugs.gentoo.org/show_bug.cgi?id=190835

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1

mailing-list

x_refsource_BUGTRAQ

doomsday-msgwrite-bo(36333)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

doomsday-netsvreadcommands-bo(36334)

vdb-entry

x_refsource_XF

http://aluigi.org/poc/dumsdei.zip

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.