[Original text] Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
ENet Library enet_host_service header.commandLength Parameter Overflow DoS
Remote / Network Access
Denial of Service,
Loss of Integrity,
Loss of Availability
ENet Library contains a flaw that may allow a remote denial of service. The issue is triggered when a packet with a large command length value is sent to enet_host_service, which leads to an invalid memory access and results in loss of availability for the service.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
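The bug class named in the description, an integer signedness error on a length field, is illustrated below with a flawed bounds check beside a hardened one. This is an added example, not ENet's source code: the 8-byte header layout, the function names and the sample bytes are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical layout (not ENet's wire format): 4-byte id, 4-byte length. */
#define CMD_HEADER_SIZE 8u

/* Constructed samples: two 8-byte commands, and one with a huge length. */
static const uint8_t sample_ok[16] = {0,0,0,1, 0,0,0,8,  0,0,0,2, 0,0,0,8};
static const uint8_t sample_bad[8] = {0,0,0,1, 0xFF,0xFF,0xFF,0xF0};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Flawed: the length lives in a signed int, so wire values >= 0x80000000
 * become negative (on two's-complement targets) and pass the upper bound. */
int accepts_signed(const uint8_t *cmd, size_t remaining)
{
    if (remaining < CMD_HEADER_SIZE) return 0;
    int32_t len = (int32_t)read_be32(cmd + 4);
    return len <= (int32_t)remaining;       /* negative len is accepted */
}

/* Hardened: unsigned length, bounded below and above before it is used. */
int accepts_unsigned(const uint8_t *cmd, size_t remaining)
{
    if (remaining < CMD_HEADER_SIZE) return 0;
    uint32_t len = read_be32(cmd + 4);
    return len >= CMD_HEADER_SIZE && len <= remaining;
}

/* Walk a datagram with the hardened check; -1 means a malformed length. */
int count_commands(const uint8_t *buf, size_t size)
{
    int n = 0;
    for (size_t off = 0; off < size; n++) {
        if (!accepts_unsigned(buf + off, size - off)) return -1;
        off += read_be32(buf + off + 4);
    }
    return n;
}

int main(void)
{
    printf("bad sample: signed=%d unsigned=%d\n",
           accepts_signed(sample_bad, sizeof sample_bad),
           accepts_unsigned(sample_bad, sizeof sample_bad));
    printf("commands in good datagram: %d\n", count_commands(sample_ok, sizeof sample_ok));
    return 0;
}
```

The lower bound in the hardened check also guarantees that the parsing loop always advances, so a zero length cannot stall it.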