CVE-2005-3487

Description

Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.

How to fix CVE-2005-3487

To remediate CVE-2005-3487, upgrade the affected package to a fixed version below.

• Debian/scorched3d—upgrade to 39.1+cvs20050929-2 or later

Is CVE-2005-3487 being exploited?

Moderate — EPSS is 18.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 39.1+cvs20050929-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-3487