CVE-2003-1432

Unreal Engine 226f-436 - Denial of Service and Possible Remote Code Execution via Negative Size Value

Title source: llm
STIX 2.1

Description

Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11302
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11305
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6772
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12012
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6770
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html

Scores

EPSS 0.0754
EPSS Percentile 93.8%

Details

CWE
CWE-189 CWE-94
Status published
Products (7)
epic_games/unreal_engine 226f
epic_games/unreal_engine 433
epic_games/unreal_engine 436
epic_games/unreal_tournament_2003 2199_linux
epic_games/unreal_tournament_2003 2199_win32
epic_games/unreal_tournament_2003 demo_version_2206_linux
epic_games/unreal_tournament_2003 demo_version_2206_win32
Published Dec 31, 2003
Tracked Since Feb 18, 2026