CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 18 Dec 2012 09:13:44 -0500 (EST)
Hello Kurt, Steve, vendors,
Freeciv upstream has released 2.3.3 version correcting one
A denial of service flaw was found in the way the server component
of Freeciv, a turn-based, multi-player, X based strategy game,
processed certain packets (invalid packets with whole packet length
lower than packet header size or syntactically valid packets, but
whose processing would lead to an infinite loop). A remote attacker
could send a specially-crafted packet that, when processed, would cause
the Freeciv server to terminate (due to memory exhaustion) or become
unresponsive (due to excessive CPU use).
Upstream bug report:
Relevant patch (against trunk):
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
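The first case in the report (a declared whole-packet length lower than the header size) is the kind of input a receive loop has to reject before using the length for arithmetic or to advance through the buffer. The following is an added illustration, not part of the original post and not Freeciv's code; the 3-byte header layout and all names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed framing for illustration only (not taken from Freeciv's source):
 * 2-byte big-endian total length (header included) followed by a 1-byte type. */
#define HDR_SIZE 3u

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_INVALID };

/* Validate the frame at the start of buf[0..avail).
 * On FRAME_OK, *frame_len >= HDR_SIZE, so a caller that advances by it
 * always makes progress, and *payload_len cannot wrap around. */
static enum frame_status check_frame(const uint8_t *buf, size_t avail,
                                     size_t *frame_len, size_t *payload_len)
{
    if (avail < HDR_SIZE)
        return FRAME_NEED_MORE;          /* header not fully received yet */
    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared < HDR_SIZE)             /* 0 would stall the loop; 1 or 2 would */
        return FRAME_INVALID;            /* wrap declared - HDR_SIZE to a huge size */
    if (declared > avail)
        return FRAME_NEED_MORE;          /* wait for the rest of the frame */
    *frame_len = declared;
    *payload_len = declared - HDR_SIZE;
    return FRAME_OK;
}

/* Walk a receive buffer. Returns the number of complete frames, or -1 when
 * the peer sent an invalid frame (the caller should drop the connection).
 * *consumed is the number of bytes covered by the valid frames seen so far. */
static int drain_frames(const uint8_t *buf, size_t avail, size_t *consumed)
{
    size_t off = 0;
    int frames = 0;
    for (;;) {
        size_t flen, plen;
        enum frame_status st =
            check_frame(buf + off, avail - off, &flen, &plen);
        if (st == FRAME_INVALID) { *consumed = off; return -1; }
        if (st == FRAME_NEED_MORE) break;
        off += flen;                     /* flen >= HDR_SIZE: guaranteed progress */
        frames++;
    }
    *consumed = off;
    return frames;
}
```
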