
WorldSession::ReadAddonsInfo Denial of Service

High
Aokromes published GHSA-9fxg-pw83-cpq5 Jul 17, 2019 · 1 comment

Package

No package listed

Affected versions

branch 3.3.5 commit 37f69825c445f3c973172792e1abc0bdc9f02dde and earlier

Patched versions

branch 3.3.5 commit 86b516c3f27f155f267245fc27ae634a76bb1e2f and later

Description

Impact

This vulnerability allows an attacker who sends malicious packets to cause high CPU usage, a high number of SQL queries, and an application crash in the worldserver executable.
It affects branch 3.3.5 only; it has no impact on the master branch.

Patches

Users should update to at least 86b516c.

Workarounds

There are no workarounds; users have to update to at least 86b516c.

References

#23215 (comment)
cd3d317
86b516c

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs