Login Sign Up

CVE-2019-20797

7.5 HIGH
Remote Code Execution Denial of Service Buffer Overflow

📋 TL;DR

CVE-2019-20797 is a buffer overflow vulnerability in prboom-plus 2.5.1.5's UDP packet handling code that allows remote attackers to execute arbitrary code or cause denial of service. This affects both client and server components when processing network packets. Users running vulnerable versions of prboom-plus are at risk.

💻 Affected Systems

Products:
  • prboom-plus
Versions: 2.5.1.5 and possibly earlier versions
Operating Systems: Linux, Windows, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Both client and server components are vulnerable when network functionality is enabled

📦 What is this software?

Prboom Plus by Prboom Plus Project

View all CVEs affecting Prboom Plus →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise

🟠

Likely Case

Denial of service causing application crashes

🟢

If Mitigated

Limited impact with proper network segmentation and exploit mitigations

🌐 Internet-Facing: HIGH - UDP packets can be sent remotely without authentication
🏢 Internal Only: MEDIUM - Requires network access but can be exploited internally

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in public references, exploitation requires sending crafted UDP packets

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.1.6 or later

Vendor Advisory: https://logicaltrust.net/blog/2019/10/prboom1.html

Restart Required: Yes

Instructions:

1. Download latest prboom-plus from official repository 2. Compile and install updated version 3. Restart prboom-plus services

🔧 Temporary Workarounds

Network Firewall Block

linux

Block UDP traffic to prboom-plus ports

iptables -A INPUT -p udp --dport [prboom-port] -j DROP

Disable Network Play

all

Disable multiplayer/network functionality

Configure prboom-plus to run in single-player mode only

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate prboom-plus systems
  • Deploy exploit mitigation technologies (ASLR, DEP, stack canaries)

🔍 How to Verify

Check if Vulnerable:

Check prboom-plus version: prboom-plus -version or examine package version

Check Version:

prboom-plus -version 2>&1 | grep -i version

Verify Fix Applied:

Confirm version is 2.5.1.6 or later and test network functionality

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Memory access violation errors
  • Unexpected UDP packet size logs

Network Indicators:

  • Unusually large UDP packets to prboom-plus ports
  • Multiple malformed UDP packets

SIEM Query:

source="prboom-plus" AND (event_type="crash" OR error="segmentation fault")

📊 Metadata

CVE ID: CVE-2019-20797
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: May 18, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-20797, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)