CVE-2011-10020

HIGH

Kaillera Server < 0.86 - Unauthenticated Denial of Service via Malformed UDP Packet

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-10020. PoCs published by Sil3nt_Dre4m, including Metasploit module auxiliary/dos/windows/games/kaillera.

AI-analyzed exploit summary This Perl script exploits multiple buffer overflow vulnerabilities in various Kaillera clients by acting as a malicious Kaillera server. It targets specific emulators and Kaillera client versions, delivering a Metasploit-generated calc.exe shellcode payload.

Description

Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become unresponsive. This flaw stems from improper input validation in the server’s UDP packet handler, allowing unauthenticated remote attackers to disrupt service availability.

Exploits (2)

exploitdb WORKING POC

by Sil3nt_Dre4m · perlremotewindows

https://www.exploit-db.com/exploits/17460

View Code ZIP pw:eip

This Perl script exploits multiple buffer overflow vulnerabilities in various Kaillera clients by acting as a malicious Kaillera server. It targets specific emulators and Kaillera client versions, delivering a Metasploit-generated calc.exe shellcode payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Kaillera clients (0.9, Supraclient 0.85.2, Open Kaillera n02v0r6) with specific emulators (Mame32k, Snes9k, Mupen64k, Mame32++)

No auth needed

Prerequisites: Network access to target · Target must connect to the malicious server · Specific vulnerable Kaillera client and emulator versions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by Sil3nt_Dre4m · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/games/kaillera.rb

View Code ZIP pw:eip

This Metasploit module exploits a denial-of-service vulnerability in Kaillera 0.86 by sending a malformed packet after the initial 'HELLO' packet, causing the server to crash. It verifies the crash by attempting to reconnect.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Kaillera 0.86

No auth needed

Prerequisites: Network access to the target server on UDP port 27888

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/games/kaillera.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/17460

Various Sources product

http://kaillera.com/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/kaillera-server-dos-via-malformed-udp-packet

Scores

CVSS v4 8.7

EPSS 0.5144

EPSS Percentile 98.0%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

Kaillera Project/Server < 0.86

Published Aug 20, 2025

Tracked Since Feb 18, 2026