CVE-2010-2702 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2702): Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, allows remote attackers to execute arbitrary code via a long LEVEL field in a WELCOME response to a download request.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25ccd8cf8f654fefc66ef924b5558873e1e44dcf commit 25ccd8cf8f654fefc66ef924b5558873e1e44dcf Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2019-12-08 21:28:28 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2019-12-08 21:28:28 +0000 games-fps/unreal-tournament: drop vulnerable Closes: https://bugs.gentoo.org/386383 Signed-off-by: Aaron Bauman <bman@gentoo.org> games-fps/unreal-tournament/Manifest | 2 - games-fps/unreal-tournament/metadata.xml | 33 ------ .../unreal-tournament/unreal-tournament-451.ebuild | 120 --------------------- 3 files changed, 155 deletions(-)
