CVE-2004-0278 - Vulnerability Details - OpenCVE

Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00886.

Key SSVC decision points have not yet been added.

Vendors	Products
Ratbag	Dirt Track Racing Dirt Track Racing Australia Dirt Track Racing Sprint Cars Leadfoot World Of Outlaws Sprint Cars

Configuration 1 [-]

OR	cpe:2.3:a:ratbag:dirt_track_racing:1.0.3:::::::*
	cpe:2.3:a:ratbag:dirt_track_racing:2.0:::::::*
	cpe:2.3:a:ratbag:dirt_track_racing_australia::::::::
	cpe:2.3:a:ratbag:dirt_track_racing_sprint_cars::::::::
	cpe:2.3:a:ratbag:leadfoot::::::::
	cpe:2.3:a:ratbag:world_of_outlaws_sprint_cars::::::::

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://marc.info/?l=bugtraq&m=107655269820530&w=2
http://www.securityfocus.com/bid/9644
https://exchange.xforce.ibmcloud.com/vulnerabilities/15188

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-03-18T05:00:00

Updated: 2024-08-08T00:10:03.710Z

Reserved: 2004-03-17T00:00:00

Link: CVE-2004-0278

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-11-23T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-0278

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "9644", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9644"}, {"name": "ratbag-data-length-dos(15188)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}, {"name": "20040211 Denial of Service in Ratbag's game engine", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "9644", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9644"}, {"name": "ratbag-data-length-dos(15188)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}, {"name": "20040211 Denial of Service in Ratbag's game engine", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:10:03.710Z"}, "title": "CVE Program Container", "references": [{"name": "9644", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9644"}, {"name": "ratbag-data-length-dos(15188)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}, {"name": "20040211 Denial of Service in Ratbag's game engine", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0278", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-03-17T00:00:00", "dateUpdated": "2024-08-08T00:10:03.710Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ratbag:dirt_track_racing:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A32183BA-B42D-4AEA-A047-AA81447BC028", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:dirt_track_racing:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "43672CF5-63F0-481A-B790-C9511D97630E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:dirt_track_racing_australia:*:*:*:*:*:*:*:*", "matchCriteriaId": "77913F99-C04B-40C4-8620-915584A03B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:dirt_track_racing_sprint_cars:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CDAD983-2248-44C4-B2E7-C784D235B027", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:leadfoot:*:*:*:*:*:*:*:*", "matchCriteriaId": "678651DC-07B2-4F60-B411-9C6ED926C1A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:world_of_outlaws_sprint_cars:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BE240FF-0A9E-444D-9A08-02DCDCC118B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data."}, {"lang": "es", "value": "El motor de juegos Ratbag, usado en productos como Dirt Track Racing, Leadfoot, y World of Outlaws Spring Cars, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU) mediante un paquete TCP que especifica la longitud de los datos para leer y otro paquete TCP enviado a continuaci\u00f3n que contiene menos datos de los especificados, lo que hace que Ratbag compruebe el socket repetidamente esperando m\u00e1s datos."}], "id": "CVE-2004-0278", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-11-23T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9644"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9644"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}