This is a backport of a security relevant fix for RakNet.
The issue has already been fixed in SLikeNet 0.1.3 (see https://www.slikenet.com/).
We provide this backport for people who prefer to stick with the RakNet project and also in order to easier share this fix with other RakNet forks.
A CVSS score cannot be calculated for this one, as no direct usage of PacketizedTCP::SendList() is flawed in RakNet. The issue is therefore only triggered if 3rd-party programs using RakNet make use of the method and pass in more than 512 parameters.
This is a use case which is expected to be far off from reality, so the real world security implications are likely to be non-existant.
This is a backport of a security relevant fix for RakNet. The issue has already been fixed in SLikeNet 0.1.3 (see https://www.slikenet.com/). We provide this backport for people who prefer to stick with the RakNet project and also in order to easier share this fix with other RakNet forks.
A CVSS score cannot be calculated for this one, as no direct usage of PacketizedTCP::SendList() is flawed in RakNet. The issue is therefore only triggered if 3rd-party programs using RakNet make use of the method and pass in more than 512 parameters. This is a use case which is expected to be far off from reality, so the real world security implications are likely to be non-existant.