Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Live_for_speed | Live_for_speed | s1 (including) | s1 (including) |
| Live_for_speed | Live_for_speed | s2 (including) | s2 (including) |