CVE-2008-6737

Published: Apr 21, 2009Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.

Affected (3)

Products: Ea: Crysis

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ea Crysis	Up to 1.21
Ea Crysis	Version 1.1
Ea Crysis	Version 1.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://aluigi.altervista.org/adv/crysislog-adv.txt

Source: cve@mitre.org

http://osvdb.org/46260

Source: cve@mitre.org

http://secunia.com/advisories/30706

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/29720

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/43087

Source: cve@mitre.org

http://aluigi.altervista.org/adv/crysislog-adv.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/46260

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30706

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/29720

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/43087

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.