Описание
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.08.01 (включая)
Одно из
cpe:2.3:a:x-doom:x-doom:1.06.07:*:*:*:*:*:*:*
cpe:2.3:a:zdaemon:zdaemon:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.155
Средний
5 Medium
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
почти 4 года назад
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.
EPSS
Процентиль: 94%
0.155
Средний
5 Medium
CVSS2
Дефекты
CWE-399