CVE-2006-1999 (vulnerable 0.3.5 - fixed 0.4.8)

Short description: Denial of service (client) via UDP packet with incorrect size

Official CVE-2006-1999 entry at

Related bug reports:

Related commits:

Patches: (sometimes more fuzz is needed to apply them)

Clients are affected by an harmless bug when they handle UDP packets. The first 2 bytes of each UDP packet are a 16 bit number which specifies the size of the packet. If this value in a received packet is invalid (for example too small) the client returns immediately to the main menu. This bug becomes problematic when a malicious server visible in the master server list sends invalid replies to the queries sent from the clients which want to play online and will be no longer able to do it due to the returning to the main menu.

Note that this is a partial backport of trunk r4413.