CVE-2020-14983

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.

References

Affected packages

Git / github.com/chocolate-doom/chocolate-doom

Affected ranges

Type: GIT
Repo: https://github.com/chocolate-doom/chocolate-doom
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8777b99cf72daed3cae0aa0a0ee730dc6610de2d

Affected versions

chocolate-doom-0.*

chocolate-doom-0.0.1

chocolate-doom-0.0.2

chocolate-doom-0.0.3

chocolate-doom-0.0.4

chocolate-doom-0.1.0

chocolate-doom-0.1.1

chocolate-doom-0.1.2

chocolate-doom-1.*

chocolate-doom-1.0.0

chocolate-doom-1.1.0

chocolate-doom-1.1.1

chocolate-doom-1.2.0

chocolate-doom-1.2.1

chocolate-doom-1.3.0

chocolate-doom-1.4.0

chocolate-doom-1.5.0

chocolate-doom-1.6.0

chocolate-doom-1.7.0

chocolate-doom-2.*

chocolate-doom-2.0.0

chocolate-doom-2.0.0-beta1

chocolate-doom-2.0.0-beta2

chocolate-doom-2.0.0-beta3

chocolate-doom-2.1.0

chocolate-doom-2.2.0

chocolate-doom-2.3.0

chocolate-doom-3.*

chocolate-doom-3.0.0

chocolate-doom-3.0.0-beta1

Other

chocolate-strife-beta1

chocolate-strife-beta2

doom-src-release

netalpha1

netalpha2

netalpha3

netalpha4

netalpha5

raven-src-release

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14983.json"