CVE-2006-1101

Sauerbraten Cube - Denial of Service via Long Input Stream in sgetstr and getint Functions


Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-1101. PoCs published by Luigi Auriemma.

Description

The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · c · dos · windows
https://www.exploit-db.com/exploits/1560

This exploit targets multiple vulnerabilities in Cube <= 2005_08_29, including a buffer overflow in sgetstr(), an invalid memory access issue, and a crash via malformed map loading with directory traversal. It uses the ENet library to send crafted packets to the target server.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Cube <= 2005_08_29
No auth needed
Prerequisites: ENet library installed · Network access to target server
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
c · dos · windows
https://www.exploit-db.com/exploits/1559

This exploit targets multiple vulnerabilities in Sauerbraten <= 2006_02_28, including buffer overflows and invalid memory access. It uses the ENet library to craft malicious packets for different attack vectors.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Sauerbraten <= 2006_02_28
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 19, 2026

References (11)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426867/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19199
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16986
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426865/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19110
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0847
Exploit, Vendor Advisory x_refsource_misc
http://aluigi.altervista.org/adv/evilcube-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25085
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19111
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200603-10.xml
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0848

Scores

EPSS 0.0499
EPSS Percentile 91.1%

Details

Status published
Products (2)
sauerbraten/cube 2005-08-09
sauerbraten/sauerbraten 2006-02-28
Published Mar 09, 2006
Tracked Since Feb 18, 2026