CVE-2008-6712

2009-04-1015:00:00

mitre

www.cve.org

6.6 Medium

AI Score

Confidence

High

0.117 Low

EPSS

Percentile

95.3%

JSON

The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.

References

aluigi.org/poc/dontcrysis.txt

archives.neohapsis.com/archives/fulldisclosure/2008-06/0211.html

osvdb.org/46261

secunia.com/advisories/30675

www.securityfocus.com/archive/1/493385/100/0/threaded

www.securityfocus.com/bid/29759

exchange.xforce.ibmcloud.com/vulnerabilities/43126