Unrated severityNVD Advisory· Published Oct 6, 2007· Updated Apr 23, 2026

CVE-2007-5249

Description

Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.

Affected products

Americasarmy/America\'s Army
cpe:2.3:a:americasarmy:america\'s_army:*:*:*:*:*:*:*:*
Range: <=2.8.2
Americasarmy/America\'s Army Special Forces
cpe:2.3:a:americasarmy:america\'s_army_special_forces:*:*:*:*:*:*:*:*
Range: <=2.8.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aluigi.altervista.org/adv/aaboompb-adv.txtnvdExploit
aluigi.org/poc/aaboompb.zipnvdExploit
secunia.com/advisories/27015nvdVendor Advisory
securityreason.com/securityalert/3193nvd
www.securityfocus.com/archive/1/481227/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/36897nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000