Uninformed: Informative Information for the Uninformed

Vol 2» 2005.Sept


Chat message server overflow

The server software often assumed that the client would only perform 'sane' actions, and one of these assumptions concerned how long a chat message a client could send. The server apparently copied a chat message sent by a Battle.net protocol client into a fixed 512-byte buffer without proper length checking, so a client could crash the server by sending a long enough message. Because Blizzard's server binaries are not publicly available, it would not have been easy to turn this flaw into arbitrary code execution on the server: with no copy of the binary to study, the layout of the frame around the buffer and the addresses needed to redirect execution would have had to be guessed blind, so the practical impact was a crash (denial of service) rather than a compromise. This serious vulnerability was fixed within a day of being reported.
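A model of the flaw, as an added example (not server code from the article and not Blizzard's code, which the article notes is unavailable): a vulnerable handler that copies a client-supplied chat message into a 512-byte buffer on the strength of the client's own length field, beside a hardened handler that checks the length first. Everything here is an assumption for illustration: the packet framing (0xFF, message id, 16-bit little-endian total length, then payload, as I recall the Battle.net binary protocol), the chat message id 0x0E, the copy being a length-driven memcpy, the "stack frame" modelled as the buffer plus one sentinel word standing in for whatever really follows it, and all function names (handle_chat_vulnerable, handle_chat_fixed, build_chat_packet, run_scenario, scenario_sentinel).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHAT_BUF_SIZE 512
#define SENTINEL 0xA5A5A5A5u

/* Model of the server's stack frame (assumed; the real layout is unknown since the
 * binary is not public): the 512-byte message buffer followed by a 32-bit sentinel
 * standing in for whatever really sits past it (saved frame pointer, return address).
 * Both live in one byte array so an over-long copy stays inside a single object and
 * the clobber is observable without undefined behaviour. */
struct chat_frame { unsigned char bytes[CHAT_BUF_SIZE + sizeof(uint32_t)]; };

static void frame_init(struct chat_frame *f) {
    uint32_t s = SENTINEL;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + CHAT_BUF_SIZE, &s, sizeof s);
}

/* Assumed BNCS-style framing: 0xFF, message id, 16-bit little-endian total length
 * (header included), then the payload. Returns 0 with *msg/*msg_len set, or -1. */
static int parse_packet(const unsigned char *pkt, size_t pkt_len,
                        const unsigned char **msg, size_t *msg_len) {
    size_t total;
    if (pkt_len < 4 || pkt[0] != 0xFF) return -1;
    total = (size_t)pkt[2] | ((size_t)pkt[3] << 8);
    if (total < 4 || total > pkt_len) return -1;   /* claimed length must not exceed what arrived */
    *msg = pkt + 4;
    *msg_len = total - 4;
    return 0;
}

/* Vulnerable handler: trusts the client-supplied length and copies the whole message
 * into the 512-byte buffer. Returns bytes copied, or -1 on bad framing. */
int handle_chat_vulnerable(struct chat_frame *f, const unsigned char *pkt, size_t pkt_len) {
    const unsigned char *msg; size_t msg_len;
    frame_init(f);
    if (parse_packet(pkt, pkt_len, &msg, &msg_len) != 0) return -1;
    /* Demo-only clamp so this example cannot write past the modelled frame; the real
     * server had no such clamp and its copy simply ran on past the buffer. */
    if (msg_len > sizeof f->bytes) msg_len = sizeof f->bytes;
    memcpy(f->bytes, msg, msg_len);   /* the bug: never compared against CHAT_BUF_SIZE */
    return (int)msg_len;
}

/* Hardened handler: the length is checked before the copy, leaving room for the
 * terminating NUL, and an over-long message is rejected rather than truncated. */
int handle_chat_fixed(struct chat_frame *f, const unsigned char *pkt, size_t pkt_len) {
    const unsigned char *msg; size_t msg_len;
    frame_init(f);
    if (parse_packet(pkt, pkt_len, &msg, &msg_len) != 0) return -1;
    if (msg_len >= CHAT_BUF_SIZE) return -1;   /* 512 bytes of text plus NUL would not fit */
    memcpy(f->bytes, msg, msg_len);
    f->bytes[msg_len] = '\0';
    return (int)msg_len;
}

/* Constructed input: a chat packet (message id 0x0E assumed) carrying msg_len bytes
 * of 'A'. Returns the packet length, or 0 if it does not fit in out. */
size_t build_chat_packet(unsigned char *out, size_t out_cap, size_t msg_len) {
    size_t total = 4 + msg_len;
    if (total > out_cap || total > 0xFFFF) return 0;
    out[0] = 0xFF;
    out[1] = 0x0E;
    out[2] = (unsigned char)(total & 0xFF);
    out[3] = (unsigned char)(total >> 8);
    memset(out + 4, 'A', msg_len);
    return total;
}

/* Run one handler (use_fixed 0 or 1) on a constructed msg_len-byte message; returns
 * its result and leaves in *sentinel whatever is left of the word past the buffer. */
int run_scenario(int use_fixed, size_t msg_len, uint32_t *sentinel) {
    unsigned char pkt[4 + CHAT_BUF_SIZE + 64];
    struct chat_frame f;
    size_t n = build_chat_packet(pkt, sizeof pkt, msg_len);
    int rc;
    if (n == 0) return -2;
    rc = use_fixed ? handle_chat_fixed(&f, pkt, n) : handle_chat_vulnerable(&f, pkt, n);
    if (sentinel) memcpy(sentinel, f.bytes + CHAT_BUF_SIZE, sizeof *sentinel);
    return rc;
}

uint32_t scenario_sentinel(int use_fixed, size_t msg_len) {
    uint32_t s = 0;
    run_scenario(use_fixed, msg_len, &s);
    return s;
}

int main(void) {
    uint32_t s;
    int rc = run_scenario(0, 516, &s);
    printf("vulnerable: rc=%d word past buffer 0x%08x (was 0x%08x)\n", rc, (unsigned)s, (unsigned)SENTINEL);
    rc = run_scenario(1, 516, &s);
    printf("fixed: rc=%d word past buffer 0x%08x\n", rc, (unsigned)s);
    return 0;
}
```

With a 516-byte message the vulnerable handler reports 516 bytes copied and the word past the buffer reads 0x41414141 ('AAAA'); the hardened handler refuses the same packet and leaves that word untouched. Note the boundary: the fixed version rejects a 512-byte message as well, because the buffer must also hold the terminator, which is the off-by-one a length check written as `> 512` would miss. The clamp inside handle_chat_vulnerable exists only so the example never leaves the modelled frame; it is not part of the flaw being shown.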