Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
Max CVSS
7.8
EPSS Score
3.00%
Published
2009-04-21
Updated
2017-08-17
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.
Max CVSS
5.0
EPSS Score
9.69%
Published
2009-04-10
Updated
2018-10-11
2 vulnerabilities found