QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5249

Published: Oct 6, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20071001 Unexploitable buffer-overflow in America's Army 2.8.2 through PB

mailing-list

x_refsource_BUGTRAQ

americasarmy-logging-dos(36897)

vdb-entry

x_refsource_XF

http://aluigi.org/poc/aaboompb.zip

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://aluigi.altervista.org/adv/aaboompb-adv.txt

x_refsource_MISC

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.