Search
Find a vulnerability
Search criteria
4 vulnerabilities found for godot by godotengine
CVE-2019-10069 (GCVE-0-2019-10069)
Vulnerability from nvd – Published: 2019-05-31 21:36 – Updated: 2024-08-04 22:10
VLAI
EPSS
VEX
Summary
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://godotengine.org/news | x_refsource_MISC |
| https://github.com/godotengine/godot/pull/27398 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://godotengine.org/news"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/godotengine/godot/pull/27398"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T21:36:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://godotengine.org/news"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/godotengine/godot/pull/27398"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://godotengine.org/news",
"refsource": "MISC",
"url": "https://godotengine.org/news"
},
{
"name": "https://github.com/godotengine/godot/pull/27398",
"refsource": "MISC",
"url": "https://github.com/godotengine/godot/pull/27398"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10069",
"datePublished": "2019-05-31T21:36:11.000Z",
"dateReserved": "2019-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000224 (GCVE-0-2018-1000224)
Vulnerability from nvd – Published: 2018-08-20 20:00 – Updated: 2024-09-17 02:37
VLAI
EPSS
VEX
Summary
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://godotengine.org/article/maintenance-relea… | x_refsource_CONFIRM |
| https://github.com/godotengine/godot/issues/20558 | x_refsource_CONFIRM |
| https://godotengine.org/article/maintenance-relea… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:46.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://godotengine.org/article/maintenance-release-godot-2-1-5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/godotengine/godot/issues/20558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://godotengine.org/article/maintenance-release-godot-3-0-6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://godotengine.org/article/maintenance-release-godot-2-1-5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/godotengine/godot/issues/20558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://godotengine.org/article/maintenance-release-godot-3-0-6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-02T16:41:53.514568",
"DATE_REQUESTED": "2018-07-31T16:33:51",
"ID": "CVE-2018-1000224",
"REQUESTER": "fabio.alessandrelli@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://godotengine.org/article/maintenance-release-godot-2-1-5",
"refsource": "CONFIRM",
"url": "https://godotengine.org/article/maintenance-release-godot-2-1-5"
},
{
"name": "https://github.com/godotengine/godot/issues/20558",
"refsource": "CONFIRM",
"url": "https://github.com/godotengine/godot/issues/20558"
},
{
"name": "https://godotengine.org/article/maintenance-release-godot-3-0-6",
"refsource": "CONFIRM",
"url": "https://godotengine.org/article/maintenance-release-godot-3-0-6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000224",
"datePublished": "2018-08-20T20:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:37:16.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10069 (GCVE-0-2019-10069)
Vulnerability from cvelistv5 – Published: 2019-05-31 21:36 – Updated: 2024-08-04 22:10
VLAI
EPSS
VEX
Summary
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://godotengine.org/news | x_refsource_MISC |
| https://github.com/godotengine/godot/pull/27398 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://godotengine.org/news"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/godotengine/godot/pull/27398"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T21:36:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://godotengine.org/news"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/godotengine/godot/pull/27398"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://godotengine.org/news",
"refsource": "MISC",
"url": "https://godotengine.org/news"
},
{
"name": "https://github.com/godotengine/godot/pull/27398",
"refsource": "MISC",
"url": "https://github.com/godotengine/godot/pull/27398"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10069",
"datePublished": "2019-05-31T21:36:11.000Z",
"dateReserved": "2019-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000224 (GCVE-0-2018-1000224)
Vulnerability from cvelistv5 – Published: 2018-08-20 20:00 – Updated: 2024-09-17 02:37
VLAI
EPSS
VEX
Summary
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://godotengine.org/article/maintenance-relea… | x_refsource_CONFIRM |
| https://github.com/godotengine/godot/issues/20558 | x_refsource_CONFIRM |
| https://godotengine.org/article/maintenance-relea… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:46.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://godotengine.org/article/maintenance-release-godot-2-1-5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/godotengine/godot/issues/20558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://godotengine.org/article/maintenance-release-godot-3-0-6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://godotengine.org/article/maintenance-release-godot-2-1-5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/godotengine/godot/issues/20558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://godotengine.org/article/maintenance-release-godot-3-0-6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-02T16:41:53.514568",
"DATE_REQUESTED": "2018-07-31T16:33:51",
"ID": "CVE-2018-1000224",
"REQUESTER": "fabio.alessandrelli@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://godotengine.org/article/maintenance-release-godot-2-1-5",
"refsource": "CONFIRM",
"url": "https://godotengine.org/article/maintenance-release-godot-2-1-5"
},
{
"name": "https://github.com/godotengine/godot/issues/20558",
"refsource": "CONFIRM",
"url": "https://github.com/godotengine/godot/issues/20558"
},
{
"name": "https://godotengine.org/article/maintenance-release-godot-3-0-6",
"refsource": "CONFIRM",
"url": "https://godotengine.org/article/maintenance-release-godot-3-0-6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000224",
"datePublished": "2018-08-20T20:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:37:16.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}