CVE-2007-5249

Published Oct 6, 2007

Last updated 6 years ago

Overview

Description: Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:americasarmy:america\\'s_army:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A9CF443-569C-4B00-9727-28B9F8596712",
            "versionEndIncluding": "2.8.2"
          },
          {
            "criteria": "cpe:2.3:a:americasarmy:america\\'s_army_special_forces:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "211C4D46-83C1-4FBE-88B8-A5F113BAA6A9",
            "versionEndIncluding": "2.8.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References