CVE-2003-1432

CWE-94 — Code Injection CWE-1893 documents3 sources

Severity

10.0CRITICAL

EPSS

18.7%

top 4.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Epic Games Unreal Engine Epic Games Unreal Tournament 2003

Timeline

PublishedDec 31

Latest updateApr 29

Description

Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDepic_games/unreal_engine226f, 433, 436+2

▶NVDepic_games/unreal_tournament_20034 versions+3

🔴Vulnerability Details

GHSA

GHSA-h457-7gvf-jx74: Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitra↗2022-04-29

▶

CVEList

CVE-2003-1432: Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitra↗2007-10-23

▶