CVE-2007-4442
Published 2007-08-21
Priority P428 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.84% (88.8th percentile)
Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| americasarmy | america_s_army | <= 2.8.2 | — |
| americasarmy | america_s_army_special_forces | <= 2.8.2 | — |
| epic_games | unreal_engine | — | — |
| epic_games | unreal_engine | — | — |
GHSA
GHSA-2f82-6hr5-qm62 · CVE-2007-5249 [MEDIUM] CWE-119
ghsa_unreviewed · 2022-05-01 · CVSS 5.0
Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
GHSA
GHSA-xm3c-242r-5vmf · CVE-2007-4442 [MEDIUM]
ghsa_unreviewed · 2022-05-01
http://aluigi.org/adv/unrwebdos-adv.txt
http://aluigi.org/poc/unrwebdos.zip
http://secunia.com/advisories/26506
http://securityreason.com/securityalert/3039
http://www.securityfocus.com/archive/1/477026/100/0/threaded
http://www.securityfocus.com/bid/25374
https://exchange.xforce.ibmcloud.com/vulnerabilities/36102