CVE-2003-1432 | Vulnerability Database | Aqua Security

Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.

Affected Software

Name	Vendor	Start Version	End Version
Unreal_engine	Epic_games	226f (including)	226f (including)
Unreal_engine	Epic_games	433 (including)	433 (including)
Unreal_engine	Epic_games	436 (including)	436 (including)
Unreal_tournament_2003	Epic_games	2199_linux (including)	2199_linux (including)
Unreal_tournament_2003	Epic_games	2199_win32 (including)	2199_win32 (including)
Unreal_tournament_2003	Epic_games	demo_version_2206_linux (including)	demo_version_2206_linux (including)
Unreal_tournament_2003	Epic_games	demo_version_2206_win32 (including)	demo_version_2206_win32 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html
http://www.securityfocus.com/bid/6770
http://www.securityfocus.com/bid/6772
https://exchange.xforce.ibmcloud.com/vulnerabilities/11302
https://exchange.xforce.ibmcloud.com/vulnerabilities/11305
https://exchange.xforce.ibmcloud.com/vulnerabilities/12012

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-1432
CWE	https://cwe.mitre.org/data/definitions/189.html