CVE-2009-3591

BEN Webb Dopewars - Improper Input Validation

Title source: rule

Description

Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Doug Prostko · textdoslinux

https://www.exploit-db.com/exploits/33269

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Doug Prostko · textdosmultiple

https://www.exploit-db.com/exploits/10004

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/misc/dopewars.rb

View Code ZIP pw:eip

References (5)

[Patch] http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/ChangeLog?view=markup&pathrev=1033

[Product] http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1023&r2=1033&pathrev=1033

[Vendor Advisory] http://secunia.com/advisories/36961

[Exploit] http://www.securityfocus.com/bid/36606

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507012/100/0/threaded

Scores

EPSS 0.7129

EPSS Percentile 98.7%

Details

CWE

CWE-20

Status published

Products (1)

ben_webb/dopewars 1.5.12

Published Oct 08, 2009

Tracked Since Feb 18, 2026