Title: Medieval Total War Server nickname Denial of Service Vulnerability
Severity: HIGH
Description:
Medieval: Total War is one game of the Total War series distributed and maintained by The Creative Assembly. It is available for the Microsoft Windows platform.
A problem in the handling of nicknames has been reported in the Medieval: Total War server. Because of this, an attacker may be able to deny service to users of the game server.
The problem is in the handling of nicknames of excessive length. When a player connects to the server with a nickname that is a long string of unicode characters, it is possible to crash the vulnerable server. This vulnerability has been reported to be reliably reproduced with 76 unicode characters.
It should be noted that this vulnerability only occurs when the server enters "lobby mode," which is a brief window of time before the initiation of a new game. This issue has also been reported to crash all clients connected to the vulnerable server.
This issue appears to be a memory corruption bug. Preliminary reports indicate the vulnerability is not capable of being used to execute arbitrary code. However, due to the nature of the problem, this possibility exists.
Affected Products:
- The Creative Assembly Medieval: Total War 1.0.0
- The Creative Assembly Medieval: Total War 1.1.0
References:
- The Creative Assembly: Medieval Total War
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
