CVE-2009-2548 - Vulnerability Details - OpenCVE

Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bistudio	Arma Arma 2

Configuration 1 [-]

OR	cpe:2.3:a:bistudio:arma::::::::
	cpe:2.3:a:bistudio:arma:1.14:::::::*
	cpe:2.3:a:bistudio:arma_2::::::::

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/armazzofs-adv.txt
http://www.vupen.com/english/advisories/2009/1951

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-20T19:25:00Z

Updated: 2024-09-16T17:23:39.299Z

Reserved: 2009-07-20T00:00:00Z

Link: CVE-2009-2548

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-07-20T20:00:13.843

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2548

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-07-20T19:25:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2009-1951", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1951"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/armazzofs-adv.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2548", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2009-1951", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1951"}, {"name": "http://aluigi.altervista.org/adv/armazzofs-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/armazzofs-adv.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:52:15.257Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2009-1951", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1951"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/armazzofs-adv.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2548", "datePublished": "2009-07-20T19:25:00Z", "dateReserved": "2009-07-20T00:00:00Z", "dateUpdated": "2024-09-16T17:23:39.299Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bistudio:arma:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BBC0E6F-B56B-4BE1-BCC3-61BE2391FBDF", "versionEndIncluding": "1.16_beta", "vulnerable": true}, {"criteria": "cpe:2.3:a:bistudio:arma:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "D3941008-81E2-45FA-8588-8D88CD295CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bistudio:arma_2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD0DDA32-B5C8-4F9F-AE22-CFF500670D84", "versionEndIncluding": "1.02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en Armed Assault (tambi\u00e9n conocido como ArmA) v1.14 y anteriores, y v1.16 beta, y Armed Assault II v1.02 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y probablemente ejecutar c\u00f3digo de su elecci\u00f3n mediante especificaciones de cadenas de formato en los campos (1) \"nickname\" y (2) \"datafile\" en una petici\u00f3n de conexi\u00f3n, no manejando correctamente el registro del mensaje de error."}], "id": "CVE-2009-2548", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-20T20:00:13.843", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/armazzofs-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/armazzofs-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1951"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}