CVE-2018-18541

EPSS 1.88%
Published 20.10.2018 22:29:00
Last modified 21.11.2024 03:56:07
Source cve@mitre.org
Teams watchlist Login
Open Login

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Teeworlds ≫ Teeworlds Version < 0.6.5

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.88%	0.825

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html

https://bugs.debian.org/911487

Patch

Third Party Advisory

Mailing List

https://github.com/teeworlds/teeworlds/issues/1536

Patch

Vendor Advisory

https://teeworlds.com/?page=news&id=12544

Vendor Advisory

https://www.debian.org/security/2018/dsa-4329

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-18541

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18541

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18541

EUVD