Vulnerability Details CVE-2019-12968
A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
- https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
- https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff
- https://zandronum.com/tracker/view.php?id=3660
- https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555
- https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278
- https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff
- https://zandronum.com/tracker/view.php?id=3660
Products affected by CVE-2019-12968
-
cpe:2.3:a:drdteam:doomseeker:1.1
-
cpe:2.3:a:drdteam:doomseeker:1.2