The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and previous versions, and CVS 3422, allow remote malicious users to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
neoengine neoengine 0.8.2 |