icon

We found results for “

CVE-2018-1000224

Good to know:

icon

Date: August 20, 2018

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.

Language: C++

Severity Score

Severity Score

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Integer Overflow or Wraparound

CWE-190

Incorrect Calculation of Buffer Size

CWE-131

Use of Uninitialized Resource

CWE-908

Incorrect Conversion between Numeric Types

CWE-681

Missing Initialization of Resource

CWE-909

Top Fix

icon

Upgrade Version

Upgrade to version 2.1.5-stable,3.0.6-stable

Learn More

CVSS v3

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us