Short description: Denial of service (server) via invalid error number
Official CVE-2006-1998 entry at cve.mitre.org.
Related bug reports:
Patches: (sometimes more fuzz is needed to apply them)
- For version 0.4.5 up to including 0.4.7
- For version 0.4.0 up to including 0.4.0.1
- For version 0.3.5 up to including 0.3.5
Both client and server handle a type of command (PACKET_SERVER_ERROR and PACKET_CLIENT_ERROR) for the visualization of some pre-built errors in the console. The problem happens when an attacker sends an invalid big error number (8 bit) which forces the program to terminate spontaneously through the usage of the error() function. The bug is exploitable only in-game so the attacker must have access to the server: his IP must not be banned, he must know the password if it has been set and the server must not be full.