Vulnerability Details CVE-2008-6704
Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server crash) via a crafted packet with a 0xc1 value that contains no compressed data, which triggers a copy of a large amount of memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://aluigi.altervista.org/adv/stalker39x-adv.txt
- http://osvdb.org/46627
- http://secunia.com/advisories/30891
- http://www.securityfocus.com/archive/1/493765
- http://www.securityfocus.com/bid/29997
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43456
- http://aluigi.altervista.org/adv/stalker39x-adv.txt
- http://osvdb.org/46627
- http://secunia.com/advisories/30891
- http://www.securityfocus.com/archive/1/493765
- http://www.securityfocus.com/bid/29997
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43456
Products affected by CVE-2008-6704
-
cpe:2.3:a:stalker-game:s.t.a.l.k.e.r.:_shadow_of_chernobyl