Gentoo FoundationGLSA-200606-20Typespeed: Remote execution of arbitrary code
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.155 Low
EPSS
Percentile
95.9%
Background
Typespeed is a game to test and practice 10-finger-typing. Network code allows two users to compete head-to-head.
Description
Niko Tyni discovered a buffer overflow in the addnewword() function of Typespeed’s network code.
Impact
By sending specially crafted network packets to a machine running Typespeed in multiplayer mode, a remote attacker can execute arbitrary code with the permissions of the user running the game.
Workaround
Do not run Typespeed in multiplayer mode. There is no known workaround at this time for multiplayer mode.
Resolution
All Typespeed users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-misc/typespeed-0.5.0"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | games-misc/typespeed | < 0.5.0 | UNKNOWN |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.155 Low
EPSS
Percentile
95.9%