CVE-2019-10877

CVSS Base Score: 9.8 CRITICAL

📋 TL;DR

CVE-2019-10877 is an integer overflow vulnerability in Teeworlds 0.7.2 that occurs when loading map files. The overflow in CMap::Load() leads to a buffer overflow, potentially allowing remote code execution. Anyone running Teeworlds servers or clients with affected versions is vulnerable.
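The bug class the summary above describes, a buffer size derived from untrusted map dimensions that wraps around so the allocation ends up smaller than the data later written into it, shown as an added illustration. This is not Teeworlds' code and does not reproduce CMap::Load(): the header struct, field names, tile record size and 64 MiB policy cap are assumptions chosen for the example. The unchecked function shows how the 32-bit product wraps; the checked function shows the mitigation a maintainer would apply before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the dimensions a loader reads from an untrusted
 * map header (field names are assumptions, not Teeworlds' structures). */
struct tile_layer_hdr {
    uint32_t width;
    uint32_t height;
};

#define BYTES_PER_TILE   4u                      /* assumed tile record size */
#define MAX_LAYER_BYTES  (64u * 1024u * 1024u)   /* assumed policy cap: 64 MiB */

/* Unchecked pattern: the allocation size is computed in 32 bits, so a large
 * width*height wraps around and the loader allocates far less than the data
 * it later copies into the buffer (the heap overflow the advisory describes).
 * Returns the wrapped byte count the naive code would pass to malloc(). */
uint32_t unchecked_layer_bytes(const struct tile_layer_hdr *h)
{
    return h->width * h->height * BYTES_PER_TILE;   /* silently wraps mod 2^32 */
}

/* Hardened version: multiply in 64 bits (two 32-bit factors always fit) and
 * reject anything above the policy cap before the final multiplication, so
 * no intermediate result can wrap. Returns 0 and sets *out on success,
 * -1 if the header is rejected. */
int checked_layer_bytes(const struct tile_layer_hdr *h, size_t *out)
{
    uint64_t tiles = (uint64_t)h->width * (uint64_t)h->height;
    if (tiles > (uint64_t)MAX_LAYER_BYTES / BYTES_PER_TILE)
        return -1;                                  /* too large or would wrap */
    *out = (size_t)(tiles * BYTES_PER_TILE);
    return 0;
}

/* Parse an 8-byte little-endian header (width, height) from untrusted bytes.
 * Returns 0 on success, -1 if the buffer is too short. */
int parse_layer_hdr(const uint8_t *buf, size_t len, struct tile_layer_hdr *h)
{
    if (len < 8)
        return -1;
    h->width  = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    h->height = (uint32_t)buf[4] | (uint32_t)buf[5] << 8 |
                (uint32_t)buf[6] << 16 | (uint32_t)buf[7] << 24;
    return 0;
}

/* Hardened load path: parse, validate the size, allocate, and return the
 * number of bytes allocated; returns 0 if the map layer was rejected. */
size_t load_layer_checked(const uint8_t *buf, size_t len)
{
    struct tile_layer_hdr h;
    size_t bytes;
    if (parse_layer_hdr(buf, len, &h) != 0 || checked_layer_bytes(&h, &bytes) != 0)
        return 0;
    void *data = calloc(1, bytes);
    if (data == NULL)
        return 0;
    /* ... tile data would be copied into `data` here, bounded by `bytes` ... */
    free(data);
    return bytes;
}

int main(void)
{
    /* Constructed headers: a sane 100x50 layer, and a 65536x65536 one whose
     * 32-bit product wraps to exactly 0. */
    const uint8_t sane[8]    = { 100, 0, 0, 0,  50, 0, 0, 0 };
    const uint8_t hostile[8] = { 0, 0, 1, 0,   0, 0, 1, 0 };
    struct tile_layer_hdr h;

    parse_layer_hdr(sane, sizeof sane, &h);
    printf("sane:    unchecked=%u checked=%zu\n",
           unchecked_layer_bytes(&h), load_layer_checked(sane, sizeof sane));
    parse_layer_hdr(hostile, sizeof hostile, &h);
    printf("hostile: unchecked=%u (wrapped) checked=%zu (rejected)\n",
           unchecked_layer_bytes(&h), load_layer_checked(hostile, sizeof hostile));
    return 0;
}
```

The cap check is done against the tile count rather than the byte count so that the final multiplication by BYTES_PER_TILE can never overflow; the same pattern applies to any loader that multiplies attacker-controlled dimensions before allocating.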

💻 Affected Systems

Products:
  • Teeworlds
Versions: 0.7.2 specifically (check references for potentially affected adjacent versions)
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Teeworlds 0.7.2 are vulnerable when loading map files through the game's map loading functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, allowing attackers to install malware, steal data, or create persistent backdoors.

🟠 Likely Case: Server crash (denial of service) or client crashes when processing malicious map files, potentially disrupting gameplay.

🟢 If Mitigated: No impact if patched or if network controls prevent malicious map file transmission.

🌐 Internet-Facing: HIGH - Teeworlds servers are typically internet-facing for multiplayer gameplay, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal clients could be vulnerable if they load malicious map files from compromised sources.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability lies in map file parsing and is triggered by loading a specially crafted map file. Public references discuss the issue, and exploitation appears straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.7.3 and later

Vendor Advisory: https://github.com/teeworlds/teeworlds/issues/2071

Restart Required: Yes

Instructions:

1. Download Teeworlds 0.7.3 or later from official sources.
2. Stop all Teeworlds services.
3. Install the updated version.
4. Restart services.

🔧 Temporary Workarounds

Network filtering (platforms: all)

Block or filter map file transfers at network level to prevent malicious maps from reaching vulnerable systems.

Map source restriction (platforms: all)

Only allow loading of maps from trusted, verified sources.

🧯 If You Can't Patch

  • Isolate Teeworlds servers on separate network segments with strict firewall rules
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check the Teeworlds version with teeworlds --version, or examine the installed package version. If the version is 0.7.2, the system is vulnerable.

Check Version:

teeworlds --version

Verify Fix Applied:

Verify that the version is 0.7.3 or later, then test map loading with known-safe maps.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes in Teeworlds process
  • Error messages related to map loading or memory corruption

Network Indicators:

  • Unusual map file transfers to Teeworlds servers
  • Traffic patterns suggesting exploitation attempts

SIEM Query:

process_name:"teeworlds" AND (event_type:"crash" OR error_message:"map" OR error_message:"overflow")
