CVE-2016-9400

moderate-risk
Published 2017-02-22

The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: ff254722a2683867fcb3e67569ffd36226c4bc62
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Teeworlds

Affected Vendors

Fedoraproject Teeworlds

References (14)

Mailing List http://www.openwall.com/lists/oss-security/2016/11/16/8
Mailing List http://www.openwall.com/lists/oss-security/2016/11/17/8
Third Party Advisory http://www.securityfocus.com/bid/94381
Issue Tracking https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.gentoo.org/glsa/201705-13
Vendor Advisory https://www.teeworlds.com/?page=news&id=12086
Mailing List http://www.openwall.com/lists/oss-security/2016/11/16/8
Mailing List http://www.openwall.com/lists/oss-security/2016/11/17/8
Third Party Advisory http://www.securityfocus.com/bid/94381
Issue Tracking https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.gentoo.org/glsa/201705-13
Vendor Advisory https://www.teeworlds.com/?page=news&id=12086
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 7/34 · Low