CVE-2018-1000224

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:godotengine:godot:*:*:*:*:*:*:*:*
cpe:2.3:a:godotengine:godot:*:*:*:*:*:*:*:*

Information

Published : 2018-08-20 13:29

Updated : 2020-08-24 10:37


NVD link : CVE-2018-1000224

Mitre link : CVE-2018-1000224


JSON object : View

CWE
CWE-909

Missing Initialization of Resource

CWE-190

Integer Overflow or Wraparound

CWE-908

Use of Uninitialized Resource

CWE-681

Incorrect Conversion between Numeric Types

CWE-131

Incorrect Calculation of Buffer Size

Advertisement

dedicated server usa

Products Affected

godotengine

  • godot