
Topic: Remote heap overflow in Teewars server <=0.3.4

Hello,

Teewars server 0.3.4 (and probably older) is prone to a remotely triggerable heap overflow:
in conn_set_error() a user-supplied buffer is copied to a fixed-size buffer without checking its length. This could be exploited to crash the server, trigger a resource exhaustion loop or run arbitrary code.



P.S.
I consider this a pretty highly critical bug due to the ability to loop through the server list to obtain targets.
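
The bug class reported above, shown as an added example that is not part of the original post and is not Teewars source code: an unchecked copy into a fixed-size error buffer, next to a bounded form that a fix could take. The struct layout, the `ERR_MAX` size, and the function names `conn_set_error_unchecked` and `conn_set_error_checked` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ERR_MAX 256   /* assumed size; the post does not state the real one */

/* Hypothetical per-client connection state, allocated on the heap. */
struct conn {
    char error_string[ERR_MAX];
    int  state;       /* whatever follows the buffer is what an overflow hits */
};

/* The pattern the post describes: the peer-supplied text is copied with no
 * length check, so anything of ERR_MAX bytes or more writes past the buffer. */
void conn_set_error_unchecked(struct conn *c, const char *msg)
{
    strcpy(c->error_string, msg);
}

/* Bounded form. msg_len is the number of bytes actually received, so the
 * input does not need to be NUL-terminated. Copies at most ERR_MAX-1 bytes,
 * stops at an embedded NUL, always terminates the destination.
 * Returns 1 if the text was truncated, 0 otherwise. */
int conn_set_error_checked(struct conn *c, const char *msg, size_t msg_len)
{
    size_t n = 0;
    while (n < msg_len && msg[n] != '\0')
        n++;
    int truncated = (n >= ERR_MAX);
    if (truncated)
        n = ERR_MAX - 1;
    memcpy(c->error_string, msg, n);
    c->error_string[n] = '\0';
    return truncated;
}

int main(void)
{
    struct conn c = { .state = 42 };
    char oversized[1000];                      /* constructed sample input */
    memset(oversized, 'A', sizeof oversized);  /* no terminating NUL */

    int t = conn_set_error_checked(&c, oversized, sizeof oversized);
    printf("truncated=%d stored=%zu state=%d\n",
           t, strlen(c.error_string), c.state);
    return 0;
}
```

Logging the truncation return value on the server side also gives operators a signal that a peer sent an oversized error string.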