CVE-2005-2115 : Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID

Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.

Published 2005-07-05 04:00:00

Updated 2016-10-18 03:25:13

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2005-2115

Probability of exploitation activity in the next 30 days: 1.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-2115

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2005-2115

http://marc.info/?l=bugtraq&m=112008428126593&w=2
http://aluigi.altervista.org/adv/sof2ignore-adv.txt

Vendor Advisory

Products affected by CVE-2005-2115

Raven Software » Soldier Of Fortune 2 » Version: 1.02
cpe:2.3:a:raven_software:soldier_of_fortune_2:1.02:*:*:*:*:*:*:*
Matching versions
Raven Software » Soldier Of Fortune 2 » Version: 1.03
cpe:2.3:a:raven_software:soldier_of_fortune_2:1.03:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-2115

Exploit prediction scoring system (EPSS) score for CVE-2005-2115

CVSS scores for CVE-2005-2115

References for CVE-2005-2115

Products affected by CVE-2005-2115