Description
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.
References (4)
Core 4
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/teeworlds/teeworlds/issues/2981
Exploit, Third Party Advisory x_refsource_misc
https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OS2LI2RHQNUKUT3FKWYHRC27PLRWCHMZ/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIYZ7EVY6NZBM7FQF6GVUARYO6MKSEAT/
Scores
CVSS v3
7.8
EPSS
0.0059
EPSS Percentile
69.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (3)
fedoraproject/fedora
35
fedoraproject/fedora
36
teeworlds/teeworlds
< 0.7.5
Published
Dec 15, 2021
Tracked Since
Feb 18, 2026