CVE-2006-1010 : Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmod

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.

Published 2006-03-06 21:02:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Products affected by CVE-2006-1010

Crossfire » Crossfire » Version: 1.8.0
cpe:2.3:a:crossfire:crossfire:1.8.0:*:*:*:*:*:*:*
Matching versions
Crossfire » Crossfire » Version: 1.7.0
cpe:2.3:a:crossfire:crossfire:1.7.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-1010

EPSS FAQ

28.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-1010

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-1010

http://www.osvdb.org/23549

404 Not Found
http://cvs.sourceforge.net/viewcvs.py/crossfire/crossfire/socket/request.c?r1=1.80&r2=1.81

Crossfire RPG game download | SourceForge.net
Patch
http://www.debian.org/security/2006/dsa-1001

[SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution
http://secunia.com/advisories/19785

About Secunia Research | Flexera
http://www.gentoo.org/security/en/glsa/glsa-200604-11.xml

Crossfire server: Denial of Service and potential arbitrary code execution (GLSA 200604-11) — Gentoo security
http://aluigi.altervista.org/poc/crossfirebof.zip

Exploit;Vendor Advisory
http://www.vupen.com/english/advisories/2006/0760

Site en construction
http://secunia.com/advisories/19194

About Secunia Research | Flexera
http://secunia.com/advisories/19044

About Secunia Research | Flexera
Exploit;Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24932

Crossfire oldsocketmode buffer overflow CVE-2006-1010 Vulnerability Report
http://www.securityfocus.com/bid/16883

Jump to

Vulnerability Details : CVE-2006-1010

Products affected by CVE-2006-1010

Exploit prediction scoring system (EPSS) score for CVE-2006-1010

CVSS scores for CVE-2006-1010

References for CVE-2006-1010