Package: conquest Version: 8.1-2 Severity: grave Tags: security Justification: user security hole
in client.c, in the case block starting at line 964, no validation is done on the snum or unum values sent by the server. On line 968, you can see one place where an invalid snum value could lead to a memory write outside Ships. If this is not exploitable, please downgrade & untag. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]