CVE-2018-18541: Improper Input Validation in Teeworlds

Severity: 7.5 HIGH (NVD)
EPSS: 1.9% (top 16.80%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 20
Latest update: May 14

Description

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/teeworlds < teeworlds 0.7.0-1 (bookworm)
NVD: teeworlds/teeworlds < 0.6.5
Debian: teeworlds/teeworlds < 0.7.0-1+3

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (2)

GHSA: GHSA-8wj8-f5hm-vg9x: In Teeworlds before 0 (2022-05-14)
OSV: CVE-2018-18541: In Teeworlds before 0 (2018-10-20)

📋 Vendor Advisories (1)

Debian: CVE-2018-18541: teeworlds - In Teeworlds before 0.6.5, connection packets could be forged. There was no chal... (2018)

💬 Community (3)

Bugzilla: CVE-2018-18541 teeworlds: Missing challenge-response in the connection build up [fedora-all] (2018-10-22)
Bugzilla: CVE-2018-18541 teeworlds: Missing challenge-response in the connection build up (2018-10-22)
Bugzilla: CVE-2018-18541 teeworlds: Missing challenge-response in the connection build up [epel-7] (2018-10-22)