Strix
26.1K

CVE-2007-4642

UnknownEPSS 16.31%

Last modified

CVE-2007-4642 is a vulnerability of currently unknown severity. Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.. EPSS estimates a 16.31% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.

Metrics

EPSS Probability
16.31%

96.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DoomsdayDoomsday<= 1.9.0_beta5.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-4642?
Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
How severe is CVE-2007-4642?
Severity scoring for CVE-2007-4642 is pending analysis. The EPSS model estimates a 16.31% probability of exploitation in the next 30 days.
How do I fix CVE-2007-4642?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4642?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST