VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 6, 2006· Updated Apr 16, 2026

CVE-2006-3393

CVE-2006-3393

Description

Papyrus NASCAR Racing 4 and earlier versions are vulnerable to denial of service via empty UDP datagram due to improper handling of zero-size packets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Papyrus NASCAR Racing 4 and earlier versions are vulnerable to denial of service via empty UDP datagram due to improper handling of zero-size packets.

Vulnerability

The vulnerability is in the network engine of Papyrus NASCAR Racing 4 (<=4.1.3.1.6), NASCAR Racing 2002 Season (<=1.1.0.2), and NASCAR Racing 2003 Season (<=1.2.0.1). The server uses a FIONREAD asynchronous socket that incorrectly discards UDP datagrams of size zero, but the empty datagram is not properly discarded, leading to high CPU consumption. [1]

Exploitation

An attacker can send an empty UDP datagram to any of the game's UDP ports (32766, 32767, 32768) of a server. The attacker needs network access to the server; no authentication is required. The exploit tool is provided in the advisory. [1]

Impact

Successful exploitation causes a denial of service by consuming CPU resources on the server, rendering the game unresponsive. The attacker does not gain any privilege or access to data. [1]

Mitigation

No fix is available as the games are no longer supported by the vendor. Users are advised to block the affected UDP ports at the firewall or discontinue use of the software. [1]

References
  1. http://aluigi.altervista.org/adv/nascarzero-adv.txt

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.