Teeworlds: Remote execution of arbitrary code on client — GLSA 201705-13

Teeworlds client vulnerability in snap handling could result in execution of arbitrary code.

Affected Packages

games-action/teeworlds on all architectures
Affected versions < 0.6.4
Unaffected versions >= 0.6.4

Background

Teeworlds is an online multi-player platform 2D shooter.

Description

Teeworlds client contains a vulnerability allowing a malicious server to execute arbitrary code, or write to arbitrary physical memory via the CClient::ProcessServerPacket method.

Impact

A remote malicious server can write to arbitrary physical memory locations and possibly execute arbitrary if a vulnerable client joins the server.

Workaround

There is no known workaround at this time.

Resolution

All Teeworlds users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=games-action/teeworlds-0.6.4:0"
 

References

Release Date
May 26, 2017

Latest Revision
May 26, 2017: 2

Severity
normal

Exploitable
remote

Bugzilla entries