CVE-2006-1998 (vulnerable 0.3.5 - fixed 0.4.8)

Short description: Denial of service (server) via invalid error number

Official CVE-2006-1998 entry at cve.mitre.org.

Related bug reports:

  • There are no related bugs.

Related commits:

Patches: (sometimes more fuzz is needed to apply them)

Both client and server handle a type of command (PACKET_SERVER_ERROR and PACKET_CLIENT_ERROR) for the visualization of some pre-built errors in the console. The problem happens when an attacker sends an invalid big error number (8 bit) which forces the program to terminate spontaneously through the usage of the error() function. The bug is exploitable only in-game so the attacker must have access to the server: his IP must not be banned, he must know the password if it has been set and the server must not be full.