Lucene search

MitreCVE-2006-0771

HistoryFeb 18, 2006 - 9:02 p.m.

CVE-2006-0771

2006-02-1821:02:00

CWE-134

mitre

web.nvd.nist.gov

cve-2006-0771

punkbuster

format string

vulnerability

denial of service

remote attack

arbitrary code

nvd

soldier of fortune ii

game security

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.093

Percentile

94.7%

JSON

Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.

Affected configurations

Nvd

Node

even_balancepunkbusterRange≤1.180

VendorProductVersionCPE
even_balancepunkbuster*cpe:2.3:a:even_balance:punkbuster:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
even_balance	punkbuster	*	cpe:2.3:a:even_balance:punkbuster::::::::

References

aluigi.altervista.org/adv/sof2pbfs-adv.txt

archives.neohapsis.com/archives/fulldisclosure/2006-02/0372.html

secunia.com/advisories/18917

securityreason.com/securityalert/448

www.securityfocus.com/archive/1/425286/100/0/threaded

www.securityfocus.com/bid/16703

exchange.xforce.ibmcloud.com/vulnerabilities/24792

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.093

Percentile

94.7%

JSON

Related for CVE-2006-0771