CVE-2003-1432

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2003-12-31 CVE Published
2007-10-22 CVE Reserved
2024-07-19 EPSS Updated
2024-08-08 CVE Updated
2024-08-08 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-189: Numeric Errors

CAPEC

References (8)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html	Mailing List
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html	Mailing List
http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/11302	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/11305	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/12012	Vdb Entry

URL	Date	SRC
http://www.securityfocus.com/bid/6770	2024-08-08
http://www.securityfocus.com/bid/6772	2024-08-08

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Epic Games Search vendor "Epic Games"		Unreal Engine Search vendor "Epic Games" for product "Unreal Engine"				226f Search vendor "Epic Games" for product "Unreal Engine" and version "226f"		-		Affected
Epic Games Search vendor "Epic Games"		Unreal Engine Search vendor "Epic Games" for product "Unreal Engine"				433 Search vendor "Epic Games" for product "Unreal Engine" and version "433"		-		Affected
Epic Games Search vendor "Epic Games"		Unreal Engine Search vendor "Epic Games" for product "Unreal Engine"				436 Search vendor "Epic Games" for product "Unreal Engine" and version "436"		-		Affected
Epic Games Search vendor "Epic Games"		Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003"				2199_linux Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "2199_linux"		-		Affected
Epic Games Search vendor "Epic Games"		Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003"				2199_win32 Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "2199_win32"		-		Affected
Epic Games Search vendor "Epic Games"		Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003"				demo_version_2206_linux Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "demo_version_2206_linux"		-		Affected
Epic Games Search vendor "Epic Games"		Unreal Tournament 2003 Search vendor "Epic Games" for product "Unreal Tournament 2003"				demo_version_2206_win32 Search vendor "Epic Games" for product "Unreal Tournament 2003" and version "demo_version_2206_win32"		-		Affected