In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html | |
https://bugs.debian.org/911487 | Mailing List Patch Third Party Advisory |
https://github.com/teeworlds/teeworlds/issues/1536 | Patch Vendor Advisory |
https://teeworlds.com/?page=news&id=12544 | Vendor Advisory |
https://www.debian.org/security/2018/dsa-4329 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-20T22:00:00
Updated: 2019-08-24T17:06:09
Reserved: 2018-10-20T00:00:00
Link: CVE-2018-18541
JSON object: View
NVD Information
Status : Modified
Published: 2018-10-20T22:29:00.263
Modified: 2019-07-23T18:15:11.860
Link: CVE-2018-18541
JSON object: View
Redhat Information
No data.
CWE