Description
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textremotemultiple
https://www.exploit-db.com/exploits/30508
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477025/100/0/threaded
Exploit x_refsource_misc
http://aluigi.org/poc/toribashish.zip
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25359
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26507
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3033
Scores
EPSS
0.2093
EPSS Percentile
95.7%
Details
Status
published
Products (1)
toribash/toribash
< 2.71
Published
Aug 21, 2007
Tracked Since
Feb 18, 2026