CVE-2020-24213

Vulnerability

An integer overflow vulnerability exists in YGOPro ygocore version 13.51 in the functions SingleDuel::UpdateDeck and SingleDuel::PlayerReady. When a player sends a packet with malicious mainc and sidec sizes, these values are treated as unsigned integers during a size check. If the sum of mainc and sidec overflows to a small value (e.g., 1 and -1), the verification passes, but subsequent calls to DeckManager::LoadDeck or DeckManager::LoadSide use these values as loop bounds, causing a buffer overread [1].

Exploitation

An attacker with network access to a game server can send a custom packet with mainc and sidec values that trigger the integer overflow. For example, setting mainc=1 and sidec=-1 results in a sum of zero, bypassing the length check. This leads to a buffer overread in LoadDeck as it reads memory beyond the intended buffer [1].

Impact

Successful exploitation allows an attacker to read arbitrary contents of the game server thread's memory, leading to information disclosure of sensitive data [1].

Mitigation

No official fix has been disclosed in the available references [1]. Users should monitor the upstream repository for patches or updates.