Lucene search

[email protected]CVE-2005-2115

HistoryJul 05, 2005 - 4:00 a.m.

CVE-2005-2115

2005-07-0504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

remote code execution

vulnerability

soldier of fortune ii

denial of service

cve-2005-2115

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.

CPENameOperatorVersion
raven_software:soldier_of_fortune_2raven software soldier of fortune 2eq1.02
raven_software:soldier_of_fortune_2raven software soldier of fortune 2eq1.03

CPE	Name	Operator	Version
raven_software:soldier_of_fortune_2	raven software soldier of fortune 2	eq	1.02
raven_software:soldier_of_fortune_2	raven software soldier of fortune 2	eq	1.03

References

aluigi.altervista.org/adv/sof2ignore-adv.txt

marc.info/?l=bugtraq&m=112008428126593&w=2

secunia.com/advisories/15868

www.osvdb.org/17649

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON