CVE-2006-2971

overkill 0.16 - Denial of Service via UDP Packet Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2971. PoCs published by Federico Fazzi.

AI-analyzed exploit summary This exploit triggers a remote integer overflow in 0verkill 0.16 by sending a malformed UDP packet, causing a segmentation fault due to an out-of-bounds memory access in the CRC32 function.

Description

Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Federico Fazzi · pythondoslinux

https://www.exploit-db.com/exploits/1894

View Code ZIP pw:eip

This exploit triggers a remote integer overflow in 0verkill 0.16 by sending a malformed UDP packet, causing a segmentation fault due to an out-of-bounds memory access in the CRC32 function.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: 0verkill 0.16

No auth needed

Prerequisites: Network access to the target server · UDP port open on the target

MITRE ATT&CK