CVE-2004-0278 - OpenCVE

Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ratbag	Dirt Track Racing Dirt Track Racing Australia Dirt Track Racing Sprint Cars Leadfoot World Of Outlaws Sprint Cars

Configuration 1 [-]

OR	cpe:2.3:a:ratbag:dirt_track_racing:1.0.3:::::::*
	cpe:2.3:a:ratbag:dirt_track_racing:2.0:::::::*
	cpe:2.3:a:ratbag:dirt_track_racing_australia::::::::
	cpe:2.3:a:ratbag:dirt_track_racing_sprint_cars::::::::
	cpe:2.3:a:ratbag:leadfoot::::::::
	cpe:2.3:a:ratbag:world_of_outlaws_sprint_cars::::::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=107655269820530&w=2
http://www.securityfocus.com/bid/9644
https://exchange.xforce.ibmcloud.com/vulnerabilities/15188

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-03-18T05:00:00

Updated: 2024-08-08T00:10:03.710Z

Reserved: 2004-03-17T00:00:00

Link: CVE-2004-0278

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-11-23T05:00:00.000

Modified: 2017-07-11T01:30:01.837

Link: CVE-2004-0278

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "9644", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9644"}, {"name": "ratbag-data-length-dos(15188)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}, {"name": "20040211 Denial of Service in Ratbag's game engine", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "9644", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9644"}, {"name": "ratbag-data-length-dos(15188)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}, {"name": "20040211 Denial of Service in Ratbag's game engine", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:10:03.710Z"}, "title": "CVE Program Container", "references": [{"name": "9644", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9644"}, {"name": "ratbag-data-length-dos(15188)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}, {"name": "20040211 Denial of Service in Ratbag's game engine", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0278", "datePublished": "2004-03-18T05:00:00", "dateReserved": "2004-03-17T00:00:00", "dateUpdated": "2024-08-08T00:10:03.710Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ratbag:dirt_track_racing:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A32183BA-B42D-4AEA-A047-AA81447BC028", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:dirt_track_racing:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "43672CF5-63F0-481A-B790-C9511D97630E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:dirt_track_racing_australia:*:*:*:*:*:*:*:*", "matchCriteriaId": "77913F99-C04B-40C4-8620-915584A03B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:dirt_track_racing_sprint_cars:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CDAD983-2248-44C4-B2E7-C784D235B027", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:leadfoot:*:*:*:*:*:*:*:*", "matchCriteriaId": "678651DC-07B2-4F60-B411-9C6ED926C1A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ratbag:world_of_outlaws_sprint_cars:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BE240FF-0A9E-444D-9A08-02DCDCC118B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data."}, {"lang": "es", "value": "El motor de juegos Ratbag, usado en productos como Dirt Track Racing, Leadfoot, y World of Outlaws Spring Cars, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU) mediante un paquete TCP que especifica la longitud de los datos para leer y otro paquete TCP enviado a continuaci\u00f3n que contiene menos datos de los especificados, lo que hace que Ratbag compruebe el socket repetidamente esperando m\u00e1s datos."}], "id": "CVE-2004-0278", "lastModified": "2017-07-11T01:30:01.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-11-23T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9644"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}