发布时间 :2005-06-09 00:00:00
修订时间 :2016-10-17 23:23:13

[原文]Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet.

[CNNVD]Rakkarsoft RakNet 远程拒绝服务漏洞(CNNVD-200506-092)

        2005年5月30日之前发布的Rakkarsoft RakNet 网络库2.33及早期版本存在漏洞,与包括nFusion Elite Warriors: Vietnam在内的多个软件产品相同,远程攻击者通过零字节UDP包触发拒绝服务攻击(无限循环)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050605 Server termination in Raknet 2.33 (before 30 May 2005)
(UNKNOWN)  BID  13862

- 漏洞信息

Rakkarsoft RakNet 远程拒绝服务漏洞
中危 其他
2005-06-09 00:00:00 2005-10-20 00:00:00
        2005年5月30日之前发布的Rakkarsoft RakNet 网络库2.33及早期版本存在漏洞,与包括nFusion Elite Warriors: Vietnam在内的多个软件产品相同,远程攻击者通过零字节UDP包触发拒绝服务攻击(无限循环)。

- 公告与补丁


- 漏洞信息

RakNet Empty UDP Datagram Remote DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public

- 漏洞描述

Raknet contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is received by the server, and will result in loss of availability for the service.

- 时间线

2005-06-05 Unknow
2005-06-05 Unknow

- 解决方案

Upgrade to version 2.33 (05/30/2005) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 5/30/2005 release without a change in version number. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Rakkarsoft RakNet Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 13862
Yes No
2005-06-06 12:00:00 2009-07-12 02:56:00
Discovery is credited to Luigi Auriemma <>

- 受影响的程序版本

Rakkarsoft Raknet 2.33
nFusion Interactive Elite Warriors: Vietnam 1.3

- 漏洞讨论

Rakkarsoft RakNet is affected by a remote denial of service vulnerability.

Reportedly, the vulnerability presents itself when the library handles an empty UDP packet.

RakNet 2.33 and prior versions released before May 30, 2005 are affected by this vulnerability. Various games employing the affected library may be vulnerable as well.

- 漏洞利用

An exploit is not required.

The following proof of concept is available:

- 解决方案

Reportedly, Raknet 2.33 versions released on May 30, 2005 and subsequent are not vulnerable to this issue. This is not confirmed at the moment.

- 相关参考