CVE-2008-6712

EUVD-2008-6672
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
eacrysis
𝑥
≤ 1.21
eacrysis
1.1
eacrysis
1.2
𝑥
= Vulnerable software versions
References
http://aluigi.org/poc/dontcrysis.txt
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0211.html
http://osvdb.org/46261
http://secunia.com/advisories/30675
http://www.securityfocus.com/archive/1/493385/100/0/threaded
http://www.securityfocus.com/bid/29759
https://exchange.xforce.ibmcloud.com/vulnerabilities/43126
http://aluigi.org/poc/dontcrysis.txt
http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0211.html
http://osvdb.org/46261
http://secunia.com/advisories/30675
http://www.securityfocus.com/archive/1/493385/100/0/threaded
http://www.securityfocus.com/bid/29759
https://exchange.xforce.ibmcloud.com/vulnerabilities/43126