CVE-2025-14308

Name: CVE-2025-14308
Description: An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1122289

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release               Version      Status
robocode (PTS)    bullseye              1.9.3.9-2    vulnerable
robocode (PTS)    bookworm              1.9.3.9-3    vulnerable
robocode (PTS)    forky, sid, trixie    1.9.3.9-4    vulnerable

The information below is based on the following data on fixed versions.

Package     Type      Release       Fixed Version    Urgency    Origin    Debian Bugs
robocode    source    (unstable)    (unfixed)                             1122289

Notes

https://github.com/robo-code/robocode/pull/70
Fixed by: https://github.com/robo-code/robocode/commit/5ca52e3af7e35cd0a7309d573595dcb78cce7fa7 (VER_1_9_5_6)
Fixed by: https://github.com/robo-code/robocode/commit/9f616173e5ed3b7b6c02c2b230b1014822bee363 (VER_1_9_5_6)
Fixed by: https://github.com/robo-code/robocode/commit/9787e2cc90942d94ae341cf5562e42495443084b (VER_1_9_5_6)
