Vulnerability Details : CVE-2016-9400
The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.
Vulnerability category: OverflowExecute code
Products affected by CVE-2016-9400
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:a:teeworlds:teeworlds:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9400
1.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-9400
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9400
-
https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62
added some checks to snap handling · teeworlds/teeworlds@ff25472 · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://www.teeworlds.com/?page=news&id=12086
TeeworldsVendor Advisory
-
http://www.openwall.com/lists/oss-security/2016/11/17/8
oss-security - Re: CVE Request: teeworlds: possible remote code execution on teeworlds clientMailing List;Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/201705-13
Teeworlds: Remote execution of arbitrary code on client (GLSA 201705-13) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/94381
Teeworlds 'client.cpp' Memory Corruption VulnerabilityThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2016/11/16/8
oss-security - CVE Request: teeworlds: possible remote code execution on teeworlds clientMailing List;Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV/
[SECURITY] Fedora 23 Update: teeworlds-0.6.4-1.fc23 - package-announce - Fedora Mailing-ListsThird Party Advisory
Jump to