Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code by sending a nickname, then a vehicle name in a MSG2_USE_VEHICLE message, in which the combined length triggers the overflow.
References
Configurations
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://forum.rigsofrods.com/index.php?topic=3140.0 - URL Repurposed |
Information
Published : 2007-11-20 19:46
Updated : 2024-02-28 11:01
NVD link : CVE-2007-6041
Mitre link : CVE-2007-6041
CVE.ORG link : CVE-2007-6041
JSON object : View
Products Affected
rigs_of_rogs
- rigs_of_rogs
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer