CVE-2018-18541

EPSS 1.88%
Veröffentlicht 20.10.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 03:56:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teeworlds ≫ Teeworlds Version < 0.6.5

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.88%	0.825

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html

https://bugs.debian.org/911487

Patch

Third Party Advisory

Mailing List

https://github.com/teeworlds/teeworlds/issues/1536

Patch

Vendor Advisory

https://teeworlds.com/?page=news&id=12544

Vendor Advisory

https://www.debian.org/security/2018/dsa-4329

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-18541

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18541

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18541

EUVD