CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-7095

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.8%

CVSS Severity

CVSS v2 Score 10.0

References

http://aluigi.altervista.org/adv/dim3bof-adv.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/26082
http://aluigi.altervista.org/adv/dim3bof-adv.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/26082

Products affected by CVE-2006-7095

Klink » Dim3 » Version: Any

cpe:2.3:a:klink:dim3:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-7095

Products

Pricing

Contact Us