CVE-2025-14308
Published 2025-12-09
CVE-2025-14308: An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length…
Priority P358 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.49% (38.5th percentile)
An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | robocode | — | — |
| robocode | robocode | — | — |
| robocode_project | robocode | — | — |
| ubuntu | robocode | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
OSV
CVE-2025-14308: An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1
osv·2025-12-09·CVSS 10.0
CVE-2025-14308 [CRITICAL] CVE-2025-14308: An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1
GHSA
GHSA-jqf9-28w7-q25g: An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1
ghsa_unreviewed·2025-12-09
CVE-2025-14308 [CRITICAL] CWE-190 GHSA-jqf9-28w7-q25g: An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1
Ubuntu
Robocode vulnerabilities
vendor_ubuntu·2026-06-04·CVSS 9.8
CVE-2025-14307 [CRITICAL] Robocode vulnerabilities
Title: Robocode vulnerabilities
Summary: Several security issues were fixed in Robocode.
It was discovered that Robocode could be tricked into making network
requests to attacker-controlled systems. An attacker could possibly use
this issue to cause external service interaction, resulting in
information disclosure. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-10648)
Lim Sim Yee discovered that Robocode did not properly validate file
paths in the CacheCleaner component. An attacker could possibly use this
issue to delete arbitrary files. (CVE-2025-14306)
Lim Sim Yee discovered that Robocode did not securely create temporary
files in the AutoExtract component. An attacker could possibly use this
issue to manipulate temporary files, resulting in arbitrary code
Debian
CVE-2025-14308: robocode - An integer overflow vulnerability exists in the write method of the Buffer class...
vendor_debian·2025·CVSS 10.0
CVE-2025-14308 [CRITICAL] CVE-2025-14308: robocode - An integer overflow vulnerability exists in the write method of the Buffer class...
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
Published: 2025-12-09