Vulnerabilities > CVE-2006-3393 - Remote Denial of Service vulnerability in NASCAR Racing UDP Datagram

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

electronic-arts

NVD

Published: 2006-07-06

Updated: 2017-07-20

Summary

Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket.

Vulnerable Configurations

Part	Description	Count
Application	Electronic_Arts Electronic Arts Nascar Racing *	1

References

http://aluigi.altervista.org/adv/nascarzero-adv.txt
http://secunia.com/advisories/20947
http://www.securityfocus.com/bid/18778
http://www.vupen.com/english/advisories/2006/2647
https://exchange.xforce.ibmcloud.com/vulnerabilities/27522