This is a backport of a security relevant fix for RakNet, we discovered. The issue has already been fixed in SLikeNet 0.1.0 (see https://www.slikenet.com/).
We provide this backport for people who prefer to stick with the RakNet project and also in order to easier share this fix with other RakNet forks.
We could/did not calculate a CVSS score, since such score heavily depends on how exactly the 3rd-party-library (IrrlichtEngine) handles the potentially non-null-terminated string. Note that this can also differ between different versions of the 3rd-party-library.
The security implications of the issue should be considered low. It's only an issue in the sample integration and therefore only applies to games/apps which make use of the code provided in RakNetStuff for their integration with the IrrlichtEngine. Since a non-null-terminated string however can result in out of bounds memory access, we decided to treat this issue as a potential security vulnerability.
This is a backport of a security relevant fix for RakNet, we discovered. The issue has already been fixed in SLikeNet 0.1.0 (see https://www.slikenet.com/). We provide this backport for people who prefer to stick with the RakNet project and also in order to easier share this fix with other RakNet forks.
We could/did not calculate a CVSS score, since such score heavily depends on how exactly the 3rd-party-library (IrrlichtEngine) handles the potentially non-null-terminated string. Note that this can also differ between different versions of the 3rd-party-library.
The security implications of the issue should be considered low. It's only an issue in the sample integration and therefore only applies to games/apps which make use of the code provided in RakNetStuff for their integration with the IrrlichtEngine. Since a non-null-terminated string however can result in out of bounds memory access, we decided to treat this issue as a potential security vulnerability.