CVE-2007-4754

Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/135.html
• https://cwe.mitre.org/data/definitions/67.html

References

• http://aluigi.altervista.org/adv/aa2k7x-adv.txt
• http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0049.html
• http://osvdb.org/40507
• http://secunia.com/advisories/26819
• http://securityreason.com/securityalert/3105
• http://www.quakesrc.org/forums/viewtopic.php?t=6843\u0026start=1
• http://www.securityfocus.com/archive/1/478628/100/0/threaded
• http://www.securityfocus.com/bid/25559
• http://www.vupen.com/english/advisories/2007/3169
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36463
• http://aluigi.altervista.org/adv/aa2k7x-adv.txt
• http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0049.html
• http://osvdb.org/40507
• http://secunia.com/advisories/26819
• http://securityreason.com/securityalert/3105
• http://www.quakesrc.org/forums/viewtopic.php?t=6843\u0026start=1
• http://www.securityfocus.com/archive/1/478628/100/0/threaded
• http://www.securityfocus.com/bid/25559
• http://www.vupen.com/english/advisories/2007/3169
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36463