Vulnerability Details CVE-2006-3908
Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://aluigi.altervista.org/adv/gnefs-adv.txt
- http://gnelib.cvs.sourceforge.net/gnelib/gnelib/src/ConsoleStreambuf.cpp?r1=1.8&r2=1.9&sortby=date
- http://www.securityfocus.com/bid/19154
- http://www.vupen.com/english/advisories/2006/2993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27959
- http://aluigi.altervista.org/adv/gnefs-adv.txt
- http://gnelib.cvs.sourceforge.net/gnelib/gnelib/src/ConsoleStreambuf.cpp?r1=1.8&r2=1.9&sortby=date
- http://www.securityfocus.com/bid/19154
- http://www.vupen.com/english/advisories/2006/2993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27959
Products affected by CVE-2006-3908
-
cpe:2.3:a:gillius_programming:game_networking_engine:*
-
cpe:2.3:a:gillius_programming:game_networking_engine:cvs_2006-07-23