cbcvebase.
CVE-2011-10014
published 2025-08-13

CVE-2011-10014: GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg…

PriorityP351high8.7CVSS 4.0
AVLACLATPPRNUIAVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.34%
26.2th percentile
GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. The original 'sa-mp.com' site is defunct, but the community maintains mirrors and forks that may be vulnerable.

Affected

1 ranges
VendorProductVersion rangeFixed in
sa-mp_teamsan_andreas_multiplayer

Detection & IOCsextracted from sources · hover to see the quote

filenamesamp-server.exe
filenameserver.cfg
  • Monitor for execution of samp-server.exe where the accompanying server.cfg contains an oversized or malformed 'echo' directive — this is the specific trigger for the stack-based buffer overflow.
  • Flag delivery of server.cfg files via email, file transfer, or download alongside samp-server.exe, as the attack vector requires the victim to receive and run both files together.
  • Inspect server.cfg files for abnormally long 'echo' directive values; legitimate echo directives are short, and excessive input in this field is the direct overflow trigger.
  • ·This is a local/file-format attack — exploitation requires the victim to manually run samp-server.exe with the malicious server.cfg present; it is not remotely exploitable over the network.
  • ·The affected version is specifically SA-MP 0.3.1.1; community mirrors and forks may also carry the vulnerable binary, so version pinning alone is insufficient for full coverage.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.