Stack overflow

2012-10-0818:55:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.6%

JSON

Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.

CPENameOperatorVersion
torcseq1.3.0
torcseq1.3.1
torcsle1.3.2
torcseq1.2.4
torcseq1.2.3

Name	Operator	Version
torcs	eq	1.3.0
torcs	eq	1.3.1
torcs	le	1.3.2
torcs	eq	1.2.4
torcs	eq	1.2.3

References

freecode.com/projects/torcs/releases/341672

torcs.sourceforge.net/index.php?name=News&file=article&sid=79

www.openwall.com/lists/oss-security/2012/02/18/2

www.openwall.com/lists/oss-security/2012/03/05/18

www.osvdb.org/79372

www.exploit-db.com/exploits/18471