Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dirt_track_racing | Ratbag | 1.0.3 (including) | 1.0.3 (including) |
| Dirt_track_racing | Ratbag | 2.0 (including) | 2.0 (including) |
| Dirt_track_racing_australia | Ratbag | * | * |
| Dirt_track_racing_sprint_cars | Ratbag | * | * |
| Leadfoot | Ratbag | * | * |
| World_of_outlaws_sprint_cars | Ratbag | * | * |
References
- http://marc.info/?l=bugtraq\u0026m=107655269820530\u0026w=2
- http://www.securityfocus.com/bid/9644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15188
- http://marc.info/?l=bugtraq\u0026m=107655269820530\u0026w=2
- http://www.securityfocus.com/bid/9644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15188