Primary

Context

rAthena Out-of-Bounds Read and Write Vulnerability in Character Movement Slot Parsing

Vulnerability

A vulnerability allowing out-of-bounds reading and writing has been identified in rAthena, an open-source MMORPG server. This issue affects versions prior to commit 0cc348b and arises from a missing bounds check in the 'chclif_parse_moveCharSlot' function. The vulnerability can be exploited using user-provided input, leading to potential memory corruption.

Impact

Exploitation of this vulnerability allows for out-of-bounds memory access, which can commonly lead to memory corruption or arbitrary code execution.

Remediation

Users can upgrade to rAthena commit 0cc348b or apply the changes from this commit manually to address the vulnerability.

Added: Sep 9, 2025, 11:21 PM

Updated: Sep 9, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

rAthena Out-of-Bounds Read and Write Vulnerability in Character Movement Slot Parsing

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating