CVE-2019-10877
https://notcve.org/view.php?id=CVE-2019-10877
In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. En Teeworlds 0.7.2, hay un desbordamiento de enteros en CMap::Load() en engine/shared/map.cpp que puede conducir a un desbordamiento de búfer debido a que una multiplicación de la anchura altura se gestiona de manera incorrecta. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html https://github.com/teeworlds/teeworlds/issues/2071 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KCS2CFDYJFBLZ4QKVPNJWHOZEGQ2LBC • CWE-190: Integer Overflow or Wraparound •
CVE-2018-18541
https://notcve.org/view.php?id=CVE-2018-18541
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. En Teeworlds en versiones anteriores a la 0.6.5, podrían falsificarse paquetes de conexión. No ha habido un desafío-respuesta involucrado en el build up de conexión. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html https://bugs.debian.org/911487 https://github.com/teeworlds/teeworlds/issues/1536 https://teeworlds.com/?page=news&id=12544 https://www.debian.org/security/2018/dsa-4329 • CWE-20: Improper Input Validation •
CVE-2016-9400
https://notcve.org/view.php?id=CVE-2016-9400
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. El método CClient::ProcessServerPacket en engine/client/client.cpp en Teeworlds en versiones anteriores a 0.6.4 permite a servidores remotos escribir en ubicaciones de memoria física arbitrarias y posiblemente ejecutar código arbitrario a través de vectores que involucran manipulación rápida. • http://www.openwall.com/lists/oss-security/2016/11/16/8 http://www.openwall.com/lists/oss-security/2016/11/17/8 http://www.securityfocus.com/bid/94381 https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV https://security.gentoo.org/glsa/201705-13 https://www.teeworlds.com/?page=news&id=12086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •