Unrated severityNVD Advisory· Published Feb 18, 2006· Updated Apr 16, 2026

CVE-2006-0771

Description

Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.

Affected products

Even Balance/Punkbuster
cpe:2.3:a:even_balance:punkbuster:*:*:*:*:*:*:*:*
Range: <=1.180

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18917nvdVendor Advisory
aluigi.altervista.org/adv/sof2pbfs-adv.txtnvd
archives.neohapsis.com/archives/fulldisclosure/2006-02/0372.htmlnvd
securityreason.com/securityalert/448nvd
www.securityfocus.com/archive/1/425286/100/0/threadednvd
www.securityfocus.com/bid/16703nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24792nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000