CVE-2018-20343

HIGH

Ken Silverman Build Engine 1 - Buffer Overflow via Crafted Map File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-20343. PoCs published by Alexandre-Bartel.

AI-analyzed exploit summary This PoC exploits a buffer overflow in Ken Silverman's Build Engine by generating a malformed .map file that overwrites the stack, allowing control over EIP. The vulnerability arises from uncontrolled reads into fixed-size buffers based on attacker-controlled values.

Description

Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacker could craft a special map file to execute arbitrary code when the map file is loaded.

Exploits (1)

nomisec WORKING POC 6 stars

by Alexandre-Bartel · poc

https://github.com/Alexandre-Bartel/CVE-2018-20343

View Code ZIP pw:eip

This PoC exploits a buffer overflow in Ken Silverman's Build Engine by generating a malformed .map file that overwrites the stack, allowing control over EIP. The vulnerability arises from uncontrolled reads into fixed-size buffers based on attacker-controlled values.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ken Silverman's Build Engine (used in games like Duke Nukem 3D, Shadow Warrior, etc.)

No auth needed

Prerequisites: Ability to deliver a malformed .map file to the target system · Target running a vulnerable Build Engine-based game

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://github.com/Alexandre-Bartel/CVE-2018-20343

Scores

CVSS v3 7.8

EPSS 0.0222

EPSS Percentile 80.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

advsys/build_engine 1.0

Published Mar 02, 2020

Tracked Since Feb 18, 2026