CVE-2016-9400 Fedoraproject CVE debrief

Who should care

Teeworlds players and client operators running versions before 0.6.4 should treat this as urgent. Downstream package maintainers and distro security teams should also verify that shipped Teeworlds builds include the upstream fix, including packages identified in the NVD CPE data.

Technical summary

NVD classifies this as CWE-119 and rates it CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The issue is described in engine/client/client.cpp within CClient::ProcessServerPacket, where snap-handling logic can be driven by a remote server into arbitrary physical memory writes and possible code execution. The affected upstream range is Teeworlds before 0.6.4; NVD also lists Fedora 23 CPE coverage in its vulnerable configuration data.

Defensive priority

Immediate

Recommended defensive actions

• Upgrade Teeworlds to version 0.6.4 or later.
• If you maintain an older branch, backport the upstream fix from commit ff254722a2683867fcb3e67569ffd36226c4bc62.
• Verify downstream packages and images are rebuilt with the fix, especially where Teeworlds was shipped by distributions.
• Treat pre-0.6.4 clients as vulnerable when connecting to untrusted or compromised servers.
• If an immediate upgrade is not possible, reduce exposure by limiting use of affected clients until patched.

Evidence notes

The NVD description states that CClient::ProcessServerPacket in engine/client/client.cpp allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via snap-handling vectors. The record lists CWE-119 and CVSS 3.1 9.8. Supporting references in the corpus include November 2016 oss-security mailing-list posts, an upstream GitHub fix commit, a Teeworlds vendor advisory, and downstream Fedora and Gentoo advisories.

Official resources