CVE-2011-10020
Published 2025-08-20
Priority: P2 · 64 · high · 8.7 CVSS 4.0
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.85% (53.5th percentile)
Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become unresponsive. This flaw stems from improper input validation in the server’s UDP packet handler, allowing unauthenticated remote attackers to disrupt service availability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kaillera_project | server | <= 0.86 | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring for a UDP HELLO0.83 handshake packet to the Kaillera server followed immediately by a malformed/invalid UDP packet from the same source — this two-packet sequence is the attack pattern.
- Alert on unauthenticated remote UDP sessions to Kaillera server (default port) where the session begins with a valid HELLO0.83 packet but subsequent packets fail to conform to expected protocol structure.
- Vulnerability is specific to Kaillera Server version 0.86 only; other versions may not be affected.
- The attack requires no authentication — any unauthenticated remote attacker can trigger the crash after completing only the initial HELLO handshake, meaning network-level access controls are the primary mitigation surface.
No detection rules found.
No writeups or analysis indexed.
References
- http://kaillera.com/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/games/kaillera.rb
- https://www.exploit-db.com/exploits/17460
- https://www.vulncheck.com/advisories/kaillera-server-dos-via-malformed-udp-packet