CVE-2003-1325

Valve Half-Life CSTRIKE Dedicated Server < 1.1.1.0 Authenticated DoS via SV_CheckForDuplicateNames

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1325.

AI-analyzed exploit summary This Perl script exploits a remote DoS vulnerability in the Half-Life engine by sending malformed UDP packets to the game server on port 27015. It crafts a 'connect' command with an invalid protocol string, causing the server to crash.

Description

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.

Exploits (1)

exploitdb WORKING POC

perldosmultiple

https://www.exploit-db.com/exploits/1483

View Code ZIP pw:eip

This Perl script exploits a remote DoS vulnerability in the Half-Life engine by sending malformed UDP packets to the game server on port 27015. It crafts a 'connect' command with an invalid protocol string, causing the server to crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Half-Life engine (Counter-Strike 1.6, Windows/Linux dedicated servers)

No auth needed

Prerequisites: Network access to the target server on UDP port 27015

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0304-exploits/hl-headnut.c

Third Party Advisory x_refsource_misc

http://aluigi.altervista.org/adv/csdos.txt

Scores

EPSS 0.0156

EPSS Percentile 81.9%

Details

Status published

Products (1)

valve_software/half-life_cstrike_dedicated_server < 1.1.1.0

Published Dec 31, 2003

Tracked Since Feb 18, 2026