Lucene search

[email protected]CVE-2006-0771

HistoryFeb 18, 2006 - 9:02 p.m.

CVE-2006-0771

2006-02-1821:02:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2006-0771

punkbuster

format string

vulnerability

denial of service

remote attack

arbitrary code

nvd

soldier of fortune ii

game security

8.6 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.093 Low

EPSS

Percentile

94.6%

JSON

Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.

CPENameOperatorVersion
even_balance:punkbustereven balance punkbusterle1.180

CPE	Name	Operator	Version
even_balance:punkbuster	even balance punkbuster	le	1.180

References

aluigi.altervista.org/adv/sof2pbfs-adv.txt

archives.neohapsis.com/archives/fulldisclosure/2006-02/0372.html

secunia.com/advisories/18917

securityreason.com/securityalert/448

www.securityfocus.com/archive/1/425286/100/0/threaded

www.securityfocus.com/bid/16703

exchange.xforce.ibmcloud.com/vulnerabilities/24792

8.6 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.093 Low

EPSS

Percentile

94.6%

JSON

Related for CVE-2006-0771

prion1