Hi games team,

http://secunia.com/advisories/20551/

Software: 0verkill 0.x

Description:
Federico Fazzi has discovered a vulnerability in 0verkill, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an integer underflow error in "recv_packet()" within the handling of a received UDP packet. This can be exploited to cause out-of-bounds memory access which crashes the server process via a UDP packet that is smaller than 12 bytes in size.

The vulnerability has been confirmed in version 0.16. Other versions may also be affected.

Solution:
Host network games only when connected to trusted networks.

Provided and/or discovered by:
Federico Fazzi
waiting for a vendor patch or an official update
Created attachment 88838
0verkill-0.16-underflow-check.patch

simple to fix
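The class of bug the advisory describes, and the length check that closes it, as an added example that is neither the 0verkill source nor the attached patch. The 12-byte header size comes from the advisory; the function names, `MAX_PAYLOAD` and the packet layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t, the type recv()/recvfrom() return */

#define HDR_LEN     12u  /* per the advisory: packets under 12 bytes trigger the bug */
#define MAX_PAYLOAD 256u /* assumed payload buffer size for this sketch */

/* The unchecked arithmetic: header size subtracted in unsigned math.
 * For a 5-byte datagram this wraps to SIZE_MAX - 6 instead of going negative,
 * so a later copy or index using it reads far outside the receive buffer. */
size_t payload_len_unchecked(ssize_t received)
{
    return (size_t)received - HDR_LEN;
}

/* Hardened form (hypothetical helper): validate the datagram length before
 * any subtraction. Returns the payload length copied to out, or -1 if the
 * packet must be dropped. */
int extract_payload(const uint8_t *pkt, ssize_t received,
                    uint8_t *out, size_t out_cap)
{
    if (received < 0)
        return -1;                       /* recv error, nothing to parse */
    if ((size_t)received < HDR_LEN)
        return -1;                       /* runt packet: no full header */
    size_t n = (size_t)received - HDR_LEN; /* safe: received >= HDR_LEN */
    if (n > out_cap)
        return -1;                       /* payload would overflow out */
    memcpy(out, pkt + HDR_LEN, n);
    return (int)n;
}

int main(void)
{
    uint8_t pkt[16] = {0}, out[MAX_PAYLOAD];  /* constructed sample datagram */
    memcpy(pkt + HDR_LEN, "ping", 4);

    printf("unchecked length for a 5-byte packet: %zu\n",
           payload_len_unchecked(5));
    printf("checked, 5-byte packet:  %d\n", extract_payload(pkt, 5, out, sizeof out));
    printf("checked, 16-byte packet: %d\n", extract_payload(pkt, 16, out, sizeof out));
    return 0;
}
```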
0.16-r3 in portage with this patch
Thx Mike. Arches please test and mark stable.
already done ;)
That was fast :-) Time for GLSA vote. I vote NO.
no need for a glsa here imho
Two NO votes -> closing without GLSA. Feel free to reopen if you disagree.