The do_gameinfo function in BomberClone 0.11.6 and previous versions, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote malicious users to read portions of server memory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bomberclone bomberclone |
||
bomberclone bomberclone 0.11.3 |
||
bomberclone bomberclone 0.11.5 |
||
bomberclone bomberclone 0.11.4 |