Summary
The game server crashes when the services server sends a requestConfig response without servicesMeta.
Affected Code
server-game/start-game.js:230
if ((msg.servicesMeta.startTime > ss.config.servicesMeta.startTime) && ss.isPerpetual) {
// CRASH if msg.servicesMeta is undefined
Vulnerability
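The crash occurs if the services server sends an incomplete config, or if a malicious client spoofs the services response. In either case msg.servicesMeta is undefined, and reading startTime from it throws.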
Impact
- Game server crash
- Denial of service
Proof of Concept
Send {"cmd":"requestConfig"} without the servicesMeta field.
Recommended Fix
if ((msg.servicesMeta?.startTime > ss.config.servicesMeta?.startTime) && ss.isPerpetual) {
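The reported comparison, the recommended fix, and a stricter variant run side by side over constructed messages. This is an added example, not code from the project: msg, ss, servicesMeta, startTime and isPerpetual come from the report, while the function names, the sample state and the assumption that startTime is a finite number are hypothetical.

```javascript
// Added example. msg, ss, servicesMeta, startTime and isPerpetual come from the
// report; every function name and the sample state below are constructed.

// Comparison as reported at server-game/start-game.js:230.
function restartOriginal(msg, ss) {
  return (msg.servicesMeta.startTime > ss.config.servicesMeta.startTime) && ss.isPerpetual;
}

// Recommended fix: a missing servicesMeta yields undefined, and any
// relational comparison against undefined is false.
function restartPatched(msg, ss) {
  return (msg.servicesMeta?.startTime > ss.config.servicesMeta?.startTime) && ss.isPerpetual;
}

// Stricter variant (assumption: startTime is a finite number).
function readStartTime(meta) {
  const t = meta?.startTime;
  return typeof t === 'number' && Number.isFinite(t) ? t : null;
}

function restartStrict(msg, ss) {
  const incoming = readStartTime(msg?.servicesMeta);
  const current = readStartTime(ss?.config?.servicesMeta);
  if (incoming === null || current === null) return false;
  return incoming > current && ss.isPerpetual === true;
}

// Returns the result, or the exception name where the call would have
// crashed the process.
function outcome(fn, msg, ss) {
  try { return fn(msg, ss); } catch (err) { return err.name; }
}

// Constructed state and messages.
const state = { isPerpetual: true, config: { servicesMeta: { startTime: 1000 } } };
const samples = [
  { cmd: 'requestConfig' },
  { cmd: 'requestConfig', servicesMeta: null },
  { cmd: 'requestConfig', servicesMeta: { startTime: '2000' } },
  { cmd: 'requestConfig', servicesMeta: { startTime: 2000 } },
];
for (const msg of samples) {
  console.log(JSON.stringify(msg),
    outcome(restartOriginal, msg, state),
    outcome(restartPatched, msg, state),
    outcome(restartStrict, msg, state));
}
```

The optional-chaining fix removes the crash but still compares whatever type arrives, so a string startTime is coerced to a number; the strict variant treats any non-numeric value as no change.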
References