[原文]Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string.
C'Nedra game_message_functions.cpp READ_TCP_STRING() Function Remote Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in C'Nedra. The network plugin fails to validate data passed to the READ_TCP_STRING() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.