Ea: Security Vulnerabilities
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
CVSS Score
7.8
EPSS Score
0.027
Published
2009-04-21
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.
CVSS Score
5.0
EPSS Score
0.095
Published
2009-04-10
Page 2