6.5
CVE-2014-7222
- EPSS 10.97%
- Veröffentlicht 08.01.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 02:16:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBuffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Teamspeak ≫ Teamspeak3 SwEditionclient Version <= 3.0.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.97% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://r4p3.net/public/ts3bbcodefreeze.txt
http://www.securityfocus.com/bid/70219
http://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html
http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/
https://exchange.xforce.ibmcloud.com/vulnerabilities/96890