CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.

References

Affected packages

Git / github.com/teeworlds/teeworlds

Affected ranges

Type: GIT
Repo: https://github.com/teeworlds/teeworlds
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

344a58cd858669f2b742827024dff7fd25fccccf

Affected versions

0.*

0.5-endofline

0.6-start

0.6.0-release

0.6.1-release

0.6.2-release

0.6.3-release

0.6.4-release

0.6.5-rc

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/teeworlds/teeworlds/commit/344a58cd858669f2b742827024dff7fd25fccccf",
        "target": {
            "file": "src/game/server/gamecontext.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2018-18541-c881deaf",
        "digest": {
            "line_hashes": [
                "199097209523499565481245254893803474346",
                "79405543112078992577852416865792889683",
                "321368320641149370519006774673267976761",
                "145666099402921007004773993562282529692"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/teeworlds/teeworlds/commit/344a58cd858669f2b742827024dff7fd25fccccf",
        "target": {
            "function": "CGameContext::OnClientDrop",
            "file": "src/game/server/gamecontext.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2018-18541-f57a6fcb",
        "digest": {
            "function_hash": "321614631417385662394245094589144205613",
            "length": 647.0
        },
        "signature_type": "Function"
    }
]