VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2361

Description

Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0, allows remote attackers to cause a denial of service (crash) via a chat message with a large message size, which triggers an out-of-bounds read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote attackers can crash Haegemonia (<=1.07) and Desert Rats vs. Afrika Korps (1.0) servers by sending a crafted chat message with an oversized length field.

Vulnerability

The Digital Reality game engine used in Haegemonia versions 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps version 1.0 contains an out-of-bounds read vulnerability. The bug is triggered when a remote attacker sends a chat message packet where the 32-bit field specifying the message length is set to an excessively large value. This causes the server to read beyond the allocated memory buffer, resulting in a crash [1][2].
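
An added example (not code from the game engine or the cited advisories) of the check whose absence the paragraph above describes: the declared length is validated against an application limit and against the bytes actually received before anything is read. The wire layout (4-byte little-endian length followed by the text), `CHAT_MAX`, and all function names are assumptions for illustration; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the advisory): [u32 little-endian length][text]. */
#define CHAT_HDR 4u
#define CHAT_MAX 256u /* assumed application limit on chat text */
enum { CHAT_OK = 0, CHAT_TRUNCATED = -1, CHAT_TOO_LONG = -2, CHAT_LEN_MISMATCH = -3 };

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* pkt_len is the byte count actually received; out receives NUL-terminated text. */
int parse_chat(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap)
{
    if (pkt_len < CHAT_HDR || out_cap == 0)
        return CHAT_TRUNCATED;
    uint32_t declared = read_le32(pkt);
    if (declared > CHAT_MAX || declared >= out_cap)
        return CHAT_TOO_LONG;            /* reject before any size arithmetic */
    if (declared > pkt_len - CHAT_HDR)   /* cannot underflow: pkt_len >= CHAT_HDR */
        return CHAT_LEN_MISMATCH;        /* field claims more than was received */
    memcpy(out, pkt + CHAT_HDR, declared);
    out[declared] = '\0';
    return CHAT_OK;
}

/* Builds a constructed packet: header says `declared`, body holds `actual` bytes. */
int check_sample(uint32_t declared, size_t actual)
{
    uint8_t pkt[CHAT_HDR + 64] = {0};
    char text[CHAT_MAX + 1];
    if (actual > 64)
        return CHAT_TRUNCATED;
    for (int i = 0; i < 4; i++)
        pkt[i] = (uint8_t)(declared >> (8 * i));
    memset(pkt + CHAT_HDR, 'A', actual);
    return parse_chat(pkt, CHAT_HDR + actual, text, sizeof text);
}

int main(void)
{
    printf("%d %d %d\n", check_sample(5, 5), check_sample(0xFFFFFFFFu, 5), check_sample(40, 5));
    return 0;
}
```

Comparing the declared length with `pkt_len - CHAT_HDR`, rather than adding the header size to the declared length, keeps the comparison free of 32-bit wraparound.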

Exploitation

An attacker needs only network access to the game server. For servers using the Gamespy Internet matchmaking system, the vulnerability is exploitable only when the server is in the final multiplayer lobby (the screen reached after launching the server without Gamespy support), not in the earlier chat room screen [1]. The attacker sends a single crafted packet containing a chat message with an oversized length value. No authentication or user interaction is required [1][2].

Impact

A successful exploit causes the server to attempt to read from unallocated memory, leading to a denial of service (crash) of the game server process. The attacker does not gain any code execution or data access; the impact is purely availability loss for the multiplayer session [1][2].

Mitigation

No official fix was ever released by the developer; the vendor did not respond to the reporter's disclosure emails [1][2]. As of the publication date (2004-12-31), users must rely on network-level filtering or restrict access to trusted players to prevent exploitation. The games are now legacy titles and are not listed in the CISA KEV catalog [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

6
