1. Home
  2. CVE Database
  3. CVE-2007-4642
HIGH · 10.0

CVE-2007-4642

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D...

Vulnerability Description

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
DoomsdayDoomsday<= 1.9.0_beta5.1

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2007-4642?

CVE-2007-4642 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D...

How severe is CVE-2007-4642?

CVE-2007-4642 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4642?

Check the references section above for vendor advisories and patch information. Affected products include: Doomsday Doomsday.