Toribash
by Toribash
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4446 | 0.03 | — | 0.04 | Aug 21, 2007 | Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. | |||
| CVE-2007-4451 | 0.00 | — | 0.02 | Aug 21, 2007 | The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters. | |||
| CVE-2007-4452 | 0.00 | — | 0.02 | Aug 21, 2007 | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command. | |||
| CVE-2007-4447 | 0.00 | — | 0.04 | Aug 21, 2007 | Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF… | |||
| CVE-2007-4450 | 0.00 | — | 0.02 | Aug 21, 2007 | The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of… | |||
| CVE-2007-4448 | 0.00 | — | 0.02 | Aug 21, 2007 | The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. | |||
| CVE-2007-4449 | 0.00 | — | 0.02 | Aug 21, 2007 | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. |
- CVE-2007-4446Aug 21, 2007risk 0.03cvss —epss 0.04
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
- CVE-2007-4451Aug 21, 2007risk 0.00cvss —epss 0.02
The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters.
- CVE-2007-4452Aug 21, 2007risk 0.00cvss —epss 0.02
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command.
- CVE-2007-4447Aug 21, 2007risk 0.00cvss —epss 0.04
Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF…
- CVE-2007-4450Aug 21, 2007risk 0.00cvss —epss 0.02
The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of…
- CVE-2007-4448Aug 21, 2007risk 0.00cvss —epss 0.02
The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1.
- CVE-2007-4449Aug 21, 2007risk 0.00cvss —epss 0.02
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command.