Description
Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by SpyEye & Christian Galeon · textdoswindows
https://www.exploit-db.com/exploits/34857
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70219
Broken Link x_refsource_misc
http://r4p3.net/public/ts3bbcodefreeze.txt
Broken Link x_refsource_misc
http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96890
Scores
CVSS v3
6.5
EPSS
0.1210
EPSS Percentile
93.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
teamspeak/teamspeak3
< 3.0.14
Published
Jan 08, 2018
Tracked Since
Feb 18, 2026