Ubuntu
prboom-plus package

buffer overflows in prboom-plus-game-server that can be triggered remotely

Bug #1878958 reported by Michał on 2020-05-15

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	prboom-plus (Ubuntu)	New	Undecided	Unassigned

Bug Description

Prboom-plus is vulnerable to buffer overflow in both client and server side that can be triggered remotely. I confirmed on Ubuntu 18.04:
prboom-plus:
  Installed: 2:2.5.1.5+svn4531+dfsg1-1
  Candidate: 2:2.5.1.5+svn4531+dfsg1-1
  Version table:
*** 2:2.5.1.5+svn4531+dfsg1-1 500
        500 http://pl.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        100 /var/lib/dpkg/status

Initially it was submitted here:
- https://sourceforge.net/p/prboom-plus/bugs/252/
- https://sourceforge.net/p/prboom-plus/bugs/253/

If you can assigne a CVE, please credit me as: Michał Dardas from LogicalTrust

Tags:

Revision history for this message

Michał (mmmds) wrote on 2020-05-15:

crash Edit (439.3 KiB, text/plain)

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2020-05-15:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

information type:	Private Security → Public Security
tags:	added: community-security

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2020-05-15:

Hello Michał, thanks for the bug report.

Canonical is a CNA that can assign CVEs, but we are limited in which programs and which conditions we can assign numbers. For this issue, please request a CVE from https://cveform.mitre.org/ .

Thanks