Vulnerabilities > CVE-2006-1194 - Denial of Service vulnerability in ENet
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | ENet Multiple Denial of Service Vulnerabilities. CVE-2006-1194. Dos exploits for multiple platform |
| id | EDB-ID:27420 |
| last seen | 2016-02-03 |
| modified | 2006-03-13 |
| published | 2006-03-13 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/27420/ |
| title | ENet Multiple Denial of Service Vulnerabilities |
References
- http://aluigi.altervista.org/adv/enetx-adv.txt
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043541.html
- http://secunia.com/advisories/19208
- http://securitytracker.com/id?1015767
- http://www.osvdb.org/23844
- http://www.securityfocus.com/archive/1/427465/100/0/threaded
- http://www.securityfocus.com/bid/17087
- http://www.vupen.com/english/advisories/2006/0940
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25157