CVE-2009-4846
Deliantra < 2.82 - Remote Code Execution via Command Gsay and Book Implementation
Title source: llmDescription
Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation.
References (8)
Core 8
Core References
Patch x_refsource_confirm
http://cvs.schmorp.de/deliantra/server/server/c_party.C?r1=1.29&r2=1.30
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54205
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/59879
Various Sources x_refsource_confirm
http://cvs.schmorp.de/deliantra/server/Changes?pathrev=rel-2_82
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54206
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3176
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/59878
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37317
Scores
EPSS
0.0387
EPSS Percentile
89.0%
Details
CWE
CWE-119
Status
published
Products (49)
deliantra/deliantra
0.99
deliantra/deliantra
0.9955
deliantra/deliantra
0.9956
deliantra/deliantra
0.9959
deliantra/deliantra
0.9960
deliantra/deliantra
0.9963
deliantra/deliantra
0.9965
deliantra/deliantra
0.9967
deliantra/deliantra
0.9970
deliantra/deliantra
0.9972
... and 39 more
Published
May 07, 2010
Tracked Since
Feb 18, 2026