On Tue, Feb 21, 2023 at 03:32:01PM +0000, Simon McVittie wrote:
> On Tue, 21 Feb 2023 at 16:09:30 +0100, Moritz Mühlenhoff wrote:
> > CVE-2019-25104[0]:
> > https://github.com/rtcwcoop/rtcwcoop/pull/45
>
> This looks like a denial of service via memory exhaustion when running
> a multiplayer server. For a game from 2001, I would personally say this
> is normal or even minor severity: it isn't really realistic to expect
> a game this old to not be crashable.
>
> I'm also not at all sure that iortcw is even vulnerable to this.
Please adjust the severity (and or close if not applicable at all) as
necessary, I have no insight on iortcw but only saw the CVE in the triage
of the incoming CVE feed and filed this bug to clarify impact on Debian's
packaged fork.
Cheers,
Moritz
