CVE-2004-0278

Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0278
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ratbag / dirt_track_racing_sprint_cars	-	-
ratbag / leadfoot	-	-
ratbag / dirt_track_racing	1.0.3	1.0.3.x
ratbag / world_of_outlaws_sprint_cars	-	-
ratbag / dirt_track_racing_australia	-	-
ratbag / dirt_track_racing	2.0	2.0.x

http://marc.info/?l=bugtraq&m=107655269820530&w=2
http://www.securityfocus.com/bid/9644
https://exchange.xforce.ibmcloud.com/vulnerabilities/15188

Vulnerability Database

290,018

CVE-2004-0278