Hi,

On Sat, Oct 20, 2018 at 08:06:07PM +0200, Markus Koschany wrote:
> Package: teeworlds-server
> Version: 0.6.4+dfsg-1
> Severity: grave
> Tags: security
>
> It was discovered that a Teeworlds server could be made inaccessible
> by forging connection packets. This made it look like the server was
> always full thus access to the server was effectively denied. My own
> private server was recently affected by this. The only way to mitigate
> this attack is to change the server port. Apparently this issue was
> fixed in version 0.6.5.

For 0.6.5 the following two commits might be the relevant ones (not
found any further possibly related):

https://github.com/teeworlds/teeworlds/commit/4c00063b2fd9c25998f3d308723e1ae65c20548d
https://github.com/teeworlds/teeworlds/commit/439483cef207f3e09f453c3406343a21eff7ba68

Is this correct? Those two were reverted just after the 0.6.5 release
apparently, to be substituted with an alternative approach.

Was a CVE requested for this issue?

Regards,
Salvatore