Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 907386 (CVE-2023-31517, CVE-2023-31518)

Summary: games-action/teeworlds: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: minor CC: games
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-29 20:39:34 UTC 
CVE-2023-31517 (http://teeworlds.com):

Teeworlds v0.7.5 was discovered to contain memory leaks.

CVE-2023-31518 (https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/):

A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.

One clear upstream report, only a draft PR open for it:
https://github.com/teeworlds/teeworlds/issues/2970