An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.
The write method of the Buffer class does not perform proper validation of the data length passed for writing, leading to integer overflow (CWE-190). This overflow can result in exceeding the bounds of the allocated buffer in memory. An attacker can provide specially crafted input data manipulating the length value, which can consequently lead to arbitrary code execution in the context of the vulnerable application.
An attacker can cause a buffer overflow in memory, resulting in arbitrary code execution without authorization. Due to the network vector and lack of required privileges, exploitation can occur remotely.
Patches available from the vendor should be applied according to references — a fix pull request is available at https://github.com/robo-code/robocode/pull/70. It is recommended to update to a version containing the patch and restrict access to Robocode instances from untrusted networks until the patch is applied.
Robocode version 1.9.3.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:RedRobocode
APPRobocode1.9.3.6
Related vulnerabilities
Path Traversal w Robocode CacheCleaner — usuwanie dowolnych plików
Robocode: podatność race condition przy tworzeniu plików tymczasowych (RCE)
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated ...
Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via...
The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by u...