Lucene search

[email protected]CVE-2009-2548

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-2548

2022-10-0316:24:06

CWE-134

[email protected]

web.nvd.nist.gov

cve-2009-2548

armed assault

arma

format string vulnerability

denial of service

code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message.

Affected configurations

NVD

Node

bistudioarmaRange≤1.16_beta

bistudioarmaMatch1.14

bistudioarma_2Range≤1.02

CPENameOperatorVersion
bistudio:armabistudio armale1.16_beta
bistudio:armabistudio armaeq1.14
bistudio:arma_2bistudio arma 2le1.02

CPE	Name	Operator	Version
bistudio:arma	bistudio arma	le	1.16_beta
bistudio:arma	bistudio arma	eq	1.14
bistudio:arma_2	bistudio arma 2	le	1.02

References

aluigi.altervista.org/adv/armazzofs-adv.txt

www.vupen.com/english/advisories/2009/1951

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2009-2548

nvd1 prion1 cvelist1