CRITICAL🇵🇱 Wersja polska

CVE-2025-14308

CVSS 10.0v4.0pub. 2025-12-09upd. 2026-01-05

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.

🤖 AI Analysis
How it works

The write method of the Buffer class does not perform proper validation of the data length passed for writing, leading to integer overflow (CWE-190). This overflow can result in exceeding the bounds of the allocated buffer in memory. An attacker can provide specially crafted input data manipulating the length value, which can consequently lead to arbitrary code execution in the context of the vulnerable application.

Impact

An attacker can cause a buffer overflow in memory, resulting in arbitrary code execution without authorization. Due to the network vector and lack of required privileges, exploitation can occur remotely.

Mitigation & patch

Patches available from the vendor should be applied according to references — a fix pull request is available at https://github.com/robo-code/robocode/pull/70. It is recommended to update to a version containing the patch and restrict access to Robocode instances from untrusted networks until the patch is applied.

Who is affected

Robocode version 1.9.3.6

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red
  • Robocode

    APP
    Robocode
    1.9.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2025-14306CRITICAL10.0PL ✓ten sam produkt

Path Traversal w Robocode CacheCleaner — usuwanie dowolnych plików

CVE-2025-14307CRITICAL9.3PL ✓ten sam produkt

Robocode: podatność race condition przy tworzeniu plików tymczasowych (RCE)

CVE-2019-10648CRITICAL9.8ten sam produkt

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated ...

CVE-2008-2078HIGH7.5ten sam produkt

Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via...

CVE-2007-6382MEDIUM6.8ten sam produkt

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by u...