Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ea Crysis keyexchange报文信息泄露漏洞
Vulnerability Description
Crysis是由Crytek开发的第一人称射击游戏。 Crysis在处理畸形格式的用户请求时存在漏洞,如果远程用户未经首先发送加入游戏报文(0x07)便向Crysis服务器发送了keyexchange报文(0x8c)的话,服务器就会响应包含有KeyExchange1 with no connection错误消息的disconnect报文(0x08),之后为16行的内部日志,日志中包含有各种实时信息,如IP地址、昵称、客户端状态等敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A