CVE-2021-43518 — Classic Buffer Overflow in Teeworlds

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 30.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Teeworlds Debian Teeworlds Fedoraproject Fedora

Timeline

PublishedDec 15

Latest updateDec 16

Description

Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/teeworlds< teeworlds 0.7.5-2 (bookworm)

▶Debianteeworlds/teeworlds< 0.7.5-2+2

▶NVDteeworlds/teeworlds0.7.5

Also affects: Fedora 35, 36

🔴Vulnerability Details

GHSA

GHSA-53xw-cwmg-3m36: Teeworlds up to and including 0↗2021-12-16

▶

OSV

CVE-2021-43518: Teeworlds up to and including 0↗2021-12-15

▶

📋Vendor Advisories

Debian

CVE-2021-43518: teeworlds - Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map pars...↗2021

▶