CVE-2021-26826
Description
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.648
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Full 2D and 3D game engine with editor (USN-7579-1) godot3_3.5.2-stable-2ubuntu0.24.10.1_amd64.deb | Linux |
| Full 2D and 3D game engine with editor (USN-7579-1) godot3_3.6+ds-2ubuntu0.1_amd64.deb | Linux |
| Full 2D and 3D game engine with editor (USN-7579-1) godot3-runner_3.5.2-stable-2ubuntu0.24.10.1_amd64.deb | Linux |
| Full 2D and 3D game engine with editor (USN-7579-1) godot3-runner_3.6+ds-2ubuntu0.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234