Lucene search

[email protected]CVE-2007-6041

HistoryNov 20, 2007 - 7:46 p.m.

CVE-2007-6041

2007-11-2019:46:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-6041

buffer overflow

sequencer::queuemessage

rigs of rods

server

denial of service

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.369 Low

EPSS

Percentile

97.2%

JSON

Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code by sending a nickname, then a vehicle name in a MSG2_USE_VEHICLE message, in which the combined length triggers the overflow.

Affected configurations

NVD

Node

rigs_of_rogsrigs_of_rogsRange≤0.33d

CPENameOperatorVersion
rigs_of_rogs:rigs_of_rogsrigs of rogsle0.33d

CPE	Name	Operator	Version
rigs_of_rogs:rigs_of_rogs	rigs of rogs	le	0.33d

References

aluigi.altervista.org/adv/rorbof-adv.txt

aluigi.org/poc/rorbof.zip

forum.rigsofrods.com/index.php?topic=3140.0

secunia.com/advisories/27729

www.securityfocus.com/bid/26502

www.vupen.com/english/advisories/2007/3938

exchange.xforce.ibmcloud.com/vulnerabilities/38549

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.369 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2007-6041

nvd1 prion1 cvelist1