Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4442

4 documents4 sources
Severity
5.0MEDIUM
EPSS
12.2%
top 6.16%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Epic Games Unreal Engine
Timeline
PublishedAug 21
Latest updateMay 1

Description

Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDepic_games/unreal_engine2003, 2004+1

🔴Vulnerability Details

2
GHSA
GHSA-xm3c-242r-5vmf: Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote at2022-05-01
CVEList
CVE-2007-4442: Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote at2007-08-21

💥Exploits & PoCs

1
Exploit-DB
Epic Games Unreal Engine Logging Function - Remote Denial of Service2007-08-20
CVE-2007-4442 (MEDIUM CVSS 5) | Stack-based buffer overflow in the | cvebase.io