Candidate: CVE-2018-18541
PublicDate: 2018-10-20 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18541
 https://www.teeworlds.com/forum/viewtopic.php?id=12544
 https://github.com/teeworlds/teeworlds/issues/1536
 https://github.com/teeworlds/teeworlds/commit/a263185571903ead01f6b351a91ea219ac9d215f
 https://github.com/teeworlds/teeworlds/commit/aababc63eeeee1bc41672502ca6c7a1dd9f61d94
 https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e
 https://bugs.debian.org/911487
 https://teeworlds.com/?page=news&id=12544
Description:
 In Teeworlds before 0.6.5, connection packets could be forged. There was
 no challenge-response involved in the connection build up. A remote
 attacker could send connection packets from a spoofed IP address and
 occupy all server slots, or even use them for a reflection attack using
 map download packets.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911487
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_teeworlds:
upstream_teeworlds: released (0.7.0-1)
precise/esm_teeworlds: DNE
trusty_teeworlds: ignored (reached end-of-life)
trusty/esm_teeworlds: DNE (trusty was needs-triage)
xenial_teeworlds: ignored (end of standard support, was needed)
bionic_teeworlds: needed
cosmic_teeworlds: ignored (reached end-of-life)
disco_teeworlds: not-affected (0.7.0-1)
eoan_teeworlds: not-affected (0.7.0-1)
focal_teeworlds: not-affected (0.7.0-1)
groovy_teeworlds: not-affected (0.7.0-1)
hirsute_teeworlds: not-affected (0.7.0-1)
impish_teeworlds: not-affected (0.7.0-1)
jammy_teeworlds: not-affected (0.7.0-1)
devel_teeworlds: not-affected (0.7.0-1)