Possible DoS attack using the malformed packet sent into the connection port [CORE2563] #2973
Labels
affect-version: 1.5.4
affect-version: 1.5.5
affect-version: 2.0.0
affect-version: 2.0.1
affect-version: 2.0.2
affect-version: 2.0.3
affect-version: 2.0.4
affect-version: 2.0.5
affect-version: 2.1.0
affect-version: 2.1.1
affect-version: 2.1.2
affect-version: 2.5 Alpha 1
affect-version: 2.5 Beta 1
component: engine
fix-version: 1.5.6
fix-version: 2.0.6
fix-version: 2.1.3
fix-version: 2.5 Beta 2
priority: critical
qa: not enough information
type: bug
Submitted by: @dyemanov
It's possible to shutdown the server's main port (3050 by default) via sending a malformed packet of some special format, thus causing a DoS condition for new incoming connections. This exploit can be used by an unauthenticated client. Reported 15-Jul-2009 by Core Security Technologies.
Commits: 0964cde 01fbf3c a095a41 d6c79a4
The text was updated successfully, but these errors were encountered: