oss-sec mailing list archives
Re: CVE Request: teeworlds: possible remote code execution on teeworlds client
From: <cve-assign () mitre org>
Date: Thu, 17 Nov 2016 18:25:03 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 https://anonscm.debian.org/cgit/pkg-games/teeworlds.git/commit/?id=bf5e8e2c457013571b02dc97f9ed9f409efdd947 https://bugs.debian.org/844546 https://www.teeworlds.com/?page=news&id=12086
0.6.4 released ... the security vulnerability is worse, attacker controlled memory-writes and possibly arbitrary code execution on the client, abusable by any server the client joins.
- if(Unpacker.Error()) + if(Unpacker.Error() || NumParts < 1 || NumParts > CSnapshot::MAX_PARTS || Part < 0 | Part >= NumParts || PartSize < 0 || PartSize > MAX_SNAPSHOT_PACKSIZE)
Use CVE-2016-9400. Our guess is that neither github.com/teeworlds nor anonscm.debian.org intended to commit this with a bitwise OR between "Part < 0" and "Part >= NumParts" above. On first glance, though, the code seems to have the same effect regardless of whether "Part < 0 | Part >= NumParts" or "Part < 0 || Part >= NumParts" is used. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYLjvOAAoJEHb/MwWLVhi2PcEQAJxCENetx/MZu5IHhvHMrk8k Bh4sKUbbV5OkxA2k/AY0uEG68f/WqPEsk1q/IDCow//eh56xlgYiEnAxkdYa29vv CheoWqqiQJfrKCPIruhxahDVfE6hNRzK3pCMo15SMKfddTHH8hyViYxKVhwKvaYr LGWondROY8hCOli8btfNJlxVqaX24LI8OoEjvvKPZxvBkcehgHKFTibsEIi9evHj y9XsSoeTxAefRYmkv18q5w3WWKv8TUeFTW9mcRgRueqNVW7aFsysmG/cbz4BBDtm 5Q+/ipLwx+AazZS8FHZKFvVJtYkwno6C7AzyCezzCCG+UOc1gv8ojqCYLF7r+c+V RaT0TkDQkjam3J2IZXewPo7wQUuqMMQI92N0fhHwVXKiKsolyUeAJPUgaF13ZOt8 EPy5MuvTT9wca42EKWwyLdp8Wz2I0JSk26hmUQ3XrQD8Desoc0/yUmsQR6NDtIr+ ZR9wT6ChD5hS6gMbPJ6AcPyY3juCXOZVNYrWPc8TzxTn3LfcVgHlscGNB4HW/tc6 Cq7BJNTGvbbRSgFo0lrL1y9pFPKuZiflfo4HuYmdh7hN/PW67H1DAyMOpEDzTE0F /l0NpMnKmFytfDM3ysm4DXSdEaGh+/JATbdxMmHKdxwcfBipmz7msDIf+ACGJwQI UN89aY0tNp011ztELlBR =HGX3 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: teeworlds: possible remote code execution on teeworlds client Salvatore Bonaccorso (Nov 16)
- Re: CVE Request: teeworlds: possible remote code execution on teeworlds client cve-assign (Nov 17)