Published: 22/06/2020 Updated: 27/01/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
chocolate-doom crispy doom 5.8.0
chocolate-doom chocolate doom 3.0.0
opensuse leap 15.1
opensuse leap 15.2
opensuse backports sle-15

Debian Bug report logs - #964564 CVE-2020-14983 Package: crispy-doom; Maintainer for crispy-doom is Debian Games Team <pkg-games-devel@listsaliothdebianorg>; Source for crispy-doom is src:crispy-doom (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 8 Jul 2020 18:24:02 UTC Severit ...

SocketInjectingFuzzer

SocketInjectingFuzzer SocketInjectingFuzzer is a dumb fuzzer, focused on applications working in a client-server architecture It uses the LD_PRELOAD trick to hook network sending functions (sendto, send, write etc) and mutates outgoing data using radamsa Installation Prepare $ git clone githubcom/mmmds/sif $ cd sif $ git clone --depth 1 gitlabcom/akihe/rad

CWE-120 https://github.com/chocolate-doom/chocolate-doom/issues/1293 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00012.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964564 https://nvd.nist.gov https://github.com/mmmds/sif

CVE-2020-14983

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect