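In Teeworlds before 0.6.5, connection packets could be forged. The connection handshake involved no challenge-response, so the server never verified that a client could actually receive packets at the source address it claimed. A remote attacker could therefore send connection packets from a spoofed IP address and occupy all server slots, or even use these spoofed connections for a reflection attack, in which the server's map download packets are sent to the spoofed address.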
[ { "source": "https://github.com/teeworlds/teeworlds/commit/344a58cd858669f2b742827024dff7fd25fccccf", "deprecated": false, "target": { "file": "src/game/server/gamecontext.cpp" }, "digest": { "line_hashes": [ "199097209523499565481245254893803474346", "79405543112078992577852416865792889683", "321368320641149370519006774673267976761", "145666099402921007004773993562282529692" ], "threshold": 0.9 }, "id": "CVE-2018-18541-c881deaf", "signature_type": "Line", "signature_version": "v1" }, { "source": "https://github.com/teeworlds/teeworlds/commit/344a58cd858669f2b742827024dff7fd25fccccf", "deprecated": false, "target": { "file": "src/game/server/gamecontext.cpp", "function": "CGameContext::OnClientDrop" }, "digest": { "function_hash": "321614631417385662394245094589144205613", "length": 647.0 }, "id": "CVE-2018-18541-f57a6fcb", "signature_type": "Function", "signature_version": "v1" } ]