{"id":"CVE-2018-18541","details":"In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.","modified":"2026-04-16T06:15:27.567503422Z","published":"2018-10-20T22:29:00.263Z","related":["openSUSE-SU-2019:1793-1","openSUSE-SU-2019:1999-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00046.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4329"},{"type":"ADVISORY","url":"https://teeworlds.com/?page=news&id=12544"},{"type":"FIX","url":"https://bugs.debian.org/911487"},{"type":"FIX","url":"https://github.com/teeworlds/teeworlds/issues/1536"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/teeworlds/teeworlds","events":[{"introduced":"0"},{"fixed":"344a58cd858669f2b742827024dff7fd25fccccf"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.6.5"}]}}],"versions":["0.5-endofline","0.6-start","0.6.0-release","0.6.1-release","0.6.2-release","0.6.3-release","0.6.4-release","0.6.5-rc"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18541.json","vanir_signatures":[{"target":{"file":"src/game/server/gamecontext.cpp"},"source":"https://github.com/teeworlds/teeworlds/commit/344a58cd858669f2b742827024dff7fd25fccccf","signature_version":"v1","signature_type":"Line","id":"CVE-2018-18541-c881deaf","digest":{"threshold":0.9,"line_hashes":["199097209523499565481245254893803474346","79405543112078992577852416865792889683","321368320641149370519006774673267976761","145666099402921007004773993562282529692"]},"deprecated":false},{"target":{"file":"src/game/server/gamecontext.cpp","function":"CGameContext::OnClientDrop"},"id":"CVE-2018-18541-f57a6fcb","signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"function_hash":"321614631417385662394245094589144205613","length":647},"source":"https://github.com/teeworlds/teeworlds/commit/344a58cd858669f2b742827024dff7fd25fccccf"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures_modified":"2026-04-11T11:39:42Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}