Vulnerability CVE-2008-3492


Published: 2008-08-06   Modified: 2012-02-12

Description:
America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS.

Type:

CWE-20

(Improper Input Validation)

Vendor: Americasarmy
Product: America's army 
Version:
2.8.3.1
2.8.3
2.8.2
2.8.1
2.8.0
2.7.0
2.6.0
2.5.0
2.4.0
2.3.0
2.2.1
2.2.0
2.1.0
2.0.0
1.9.0
1.7.0
1.6.0
1.5.0
1.4.0
1.3.0
1.2.1
1.2.0
1.1.1
1.0.1
1.0.0

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://aluigi.altervista.org/adv/armynchia-adv.txt
http://aluigi.org/poc/armynchia.zip
http://www.securityfocus.com/archive/1/495061/100/0/threaded
http://www.securityfocus.com/bid/30519
https://exchange.xforce.ibmcloud.com/vulnerabilities/44152

Copyright 2019, cxsecurity.com

 

Back to Top