toribash 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk input validation、バッファオーバーフロー, and vendor risk denial of service などに関し、一部は vendor impact unexpected behavior を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2007-4452 | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command. | [email protected] | 5.0 | 1.75% | 2007-08-20 | 2026-06-16 |
| CVE-2007-4451 | The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters. | [email protected] | 5.0 | 1.53% | 2007-08-20 | 2026-06-16 |
| CVE-2007-4450 | The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-4449 easier. | [email protected] | 5.0 | 1.53% | 2007-08-20 | 2026-06-16 |
| CVE-2007-4449 | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. | [email protected] | 5.0 | 1.53% | 2007-08-20 | 2026-06-16 |
| CVE-2007-4448 | The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. | [email protected] | 5.0 | 1.75% | 2007-08-20 | 2026-06-16 |
| CVE-2007-4447 | Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character. | [email protected] | 7.5 | 3.95% | 2007-08-20 | 2026-06-16 |
| CVE-2007-4446 | Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. | [email protected] | 7.5 | 4.17% | 2007-08-20 | 2026-06-16 |