Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-7011

CWE-3994 documents4 sources

Severity

4.0MEDIUM

EPSS

3.5%

top 12.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Epic Games Unreal Tournament Whiptail Interactive Postal

Timeline

PublishedAug 19

Latest updateMay 14

Description

The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDepic_games/unreal_tournament2003, 2004, 3+2

▶NVDwhiptail_interactive/postal2

🔴Vulnerability Details

GHSA

GHSA-f3rf-78w5-mwvx: The Unreal engine, as used in Unreal Tournament 3 1↗2022-05-14

▶

CVEList

CVE-2008-7011: The Unreal engine, as used in Unreal Tournament 3 1↗2009-08-19

▶

💥Exploits & PoCs

Exploit-DB

Unreal Engine - 'UnChan.cpp' Failed Assertion Remote Denial of Service↗2008-09-16

▶