CVE-2021-43518
https://notcve.org/view.php?id=CVE-2021-43518
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution. Teeworlds versiones hasta 0.7.5 incluyéndola, es vulnerable a un desbordamiento del búfer. Un analizador de mapas no comprueba el valor m_Channels procedente de un archivo de mapas, conllevando a un desbordamiento del búfer. • https://github.com/teeworlds/teeworlds/issues/2981 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIYZ7EVY6NZBM7FQF6GVUARYO6MKSEAT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OS2LI2RHQNUKUT3FKWYHRC27PLRWCHMZ https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-20787
https://notcve.org/view.php?id=CVE-2019-20787
Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. Teeworlds versiones anteriores a la versión 0.7.4, tiene un desbordamiento de enteros al calcular un tamaño de tilemap. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVYG7CCPS5F3OPOQMJKVNXTQ7BXSEX2V https://www.teeworlds.com/forum/viewtopic.php?pid=123860 • CWE-190: Integer Overflow or Wraparound •
CVE-2018-18541
https://notcve.org/view.php?id=CVE-2018-18541
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. En Teeworlds en versiones anteriores a la 0.6.5, podrían falsificarse paquetes de conexión. No ha habido un desafío-respuesta involucrado en el build up de conexión. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html https://bugs.debian.org/911487 https://github.com/teeworlds/teeworlds/issues/1536 https://teeworlds.com/?page=news&id=12544 https://www.debian.org/security/2018/dsa-4329 • CWE-20: Improper Input Validation •
CVE-2016-9400
https://notcve.org/view.php?id=CVE-2016-9400
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. El método CClient::ProcessServerPacket en engine/client/client.cpp en Teeworlds en versiones anteriores a 0.6.4 permite a servidores remotos escribir en ubicaciones de memoria física arbitrarias y posiblemente ejecutar código arbitrario a través de vectores que involucran manipulación rápida. • http://www.openwall.com/lists/oss-security/2016/11/16/8 http://www.openwall.com/lists/oss-security/2016/11/17/8 http://www.securityfocus.com/bid/94381 https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV https://security.gentoo.org/glsa/201705-13 https://www.teeworlds.com/?page=news&id=12086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •