p2r3 Bareiron Out-of-Bounds Memory Access Vulnerability Allowing Information Disclosure and Denial-of-Service
Vulnerability
A vulnerability in p2r3 Bareiron starting from commit ba86dfd927b5e2432be797e12095642dc4091fe1 allows unauthenticated attackers to cause an out-of-bounds memory access. This issue arises because an unvalidated entity ID from the client is used as a negative index into the mob_data array, leading to unauthorized memory access. The vulnerability can be exploited by sending a crafted packet, which not only causes data corruption but also allows the attacker to access sensitive information through coordinates returned to the client. Additionally, this out-of-bounds access can be exploited to create a denial-of-service condition on the server.
Impact
Exploiting this vulnerability gives an attacker arbitrary 5-byte reads within the bounds of the binary's memory and can cause data corruption.
Reproduction
To reproduce this vulnerability, send a packet to the server with a crafted entity ID that is not properly validated. The server will process this ID, resulting in an out-of-bounds memory access. This can be done by interacting with an entity using the unvalidated ID, which will trigger the vulnerability by accessing memory coordinates that could be manipulated.
Remediation
Users are advised to update to the latest version of p2r3 Bareiron, where this vulnerability has been addressed.
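As an added example (not Bareiron's code and not its actual fix), the sketch below shows a client-supplied entity ID being validated before it is used to index a mob array. The array size, struct layout, the `MOB_ID_BASE` mapping and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout for illustration; not Bareiron's actual definitions. */
#define MAX_MOBS 16
#define MOB_ID_BASE (-2) /* assumption: mob slot i is known to clients as entity ID -2 - i */

typedef struct {
    uint8_t type; /* 0 = slot unused */
    int16_t x, z;
    uint8_t y;
} MobData;

static MobData mob_data[MAX_MOBS];

/* Unchecked mapping: whatever ID the client sends becomes an array index. */
static int64_t mob_index_unchecked(int32_t entity_id) {
    return (int64_t)MOB_ID_BASE - (int64_t)entity_id;
}

/* Checked lookup: NULL unless the ID maps to a live slot inside mob_data. */
static MobData *mob_lookup(int32_t entity_id) {
    /* Compute in 64 bits so INT32_MIN cannot overflow the subtraction. */
    int64_t idx = (int64_t)MOB_ID_BASE - (int64_t)entity_id;
    if (idx < 0 || idx >= MAX_MOBS) return NULL; /* outside the array */
    if (mob_data[idx].type == 0) return NULL;    /* slot not in use */
    return &mob_data[idx];
}

/* Handler sketch: drop the packet instead of echoing coordinates back
   when the ID does not resolve to a real mob. */
static int handle_interact(int32_t entity_id, int16_t *out_x, int16_t *out_z) {
    MobData *m = mob_lookup(entity_id);
    if (m == NULL) return -1;
    *out_x = m->x;
    *out_z = m->z;
    return 0;
}

int main(void) {
    mob_data[3] = (MobData){ .type = 1, .x = 10, .z = 20, .y = 64 };
    int16_t x, z;
    /* -5 resolves to slot 3 and is accepted; -1000 would be index 998 and is rejected. */
    return (handle_interact(-5, &x, &z) == 0 &&
            handle_interact(-1000, &x, &z) == -1) ? 0 : 1;
}
```
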
