Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1805

4 documents4 sources
Severity
5.0MEDIUM
EPSS
17.9%
top 4.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Epic Games Unreal Engine
Timeline
PublishedDec 31
Latest updateApr 29

Description

Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDepic_games/unreal_engine226f, 433, 436+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-48p4-c835-2pjf: Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly2022-04-29
CVEList
CVE-2004-1805: Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly2005-05-10

💥Exploits & PoCs

1
Exploit-DB
Epic Games Unreal Tournament Server 436.0 - Engine Remote Format String2004-03-10
CVE-2004-1805 (MEDIUM CVSS 5) | Format string vulnerability in game | cvebase.io