Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 683000 (CVE-2019-10877, CVE-2019-10878, CVE-2019-10879, CVE-2019-20787, CVE-2020-12066) - <games-action/teeworlds-0.7.5: multiple vulnerabilities (CVE-2019-{10877,10878,10879,20787})
Summary: <games-action/teeworlds-0.7.5: multiple vulnerabilities (CVE-2019-{10877,1087...
Status: RESOLVED FIXED
Alias: CVE-2019-10877, CVE-2019-10878, CVE-2019-10879, CVE-2019-20787, CVE-2020-12066
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~2 [noglsa cve]
Keywords:
Depends on: 668928
Blocks:
  Show dependency tree
 
Reported: 2019-04-10 06:57 UTC by Agostino Sarubbo
Modified: 2020-07-18 00:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2019-04-10 06:57:15 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1697855:

In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in
engine/shared/map.cpp that can lead to a buffer overflow, because multiplication
of width and height is mishandled.

Reference:
https://github.com/teeworlds/teeworlds/issues/2071



From https://bugzilla.redhat.com/show_bug.cgi?id=1697919:

In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData()
and CDataFileReader::ReplaceData() and related functions in
engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds
pointer write, possibly resulting in remote code execution.

Reference:
https://github.com/teeworlds/teeworlds/issues/2073


From https://bugzilla.redhat.com/show_bug.cgi?id=1697928:

In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in
engine/shared/datafile.cpp that can lead to a buffer overflow and possibly
remote code execution, because size-related multiplications are mishandled.

Reference:
https://github.com/teeworlds/teeworlds/issues/2070



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-06 11:27:57 UTC
Package has no stable ebuild.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-04-22 21:31:03 UTC
CVE-2020-12066 (https://nvd.nist.gov/vuln/detail/CVE-2020-12066):
  CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5
  allows remote attackers to shut down the server.

CVE-2019-20787 (https://nvd.nist.gov/vuln/detail/CVE-2019-20787):
  Teeworlds before 0.7.4 has an integer overflow when computing a tilemap
  size.
Comment 4 Larry the Git Cow gentoo-dev 2020-07-18 00:00:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9e74fa9c10625e66021aa729889d6b418754c9d

commit a9e74fa9c10625e66021aa729889d6b418754c9d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-17 21:31:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 23:59:59 +0000

    games-action/teeworlds: security cleanup
    
    Bug: https://bugs.gentoo.org/683000
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 games-action/teeworlds/Manifest                    |   1 -
 .../files/0.6/01-use-system-wavpack.patch          | 101 -------------
 .../files/0.6/02-fixed-wavpack-sound-loading.patch | 109 --------------
 .../files/0.6/03-use-system-pnglite.patch          | 160 ---------------------
 .../teeworlds/files/0.6/04-dedicated.patch         |  15 --
 .../teeworlds/files/0.6/05-cc-cflags.patch         |  18 ---
 games-action/teeworlds/teeworlds-0.6.4.ebuild      | 118 ---------------
 7 files changed, 522 deletions(-)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 00:12:36 UTC
Tree is clean, ~ package so no GLSA, closing.