Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by wesnoth
CVE-2018-1999023 (GCVE-0-2018-1999023)
Vulnerability from cvelistv5 – Published: 2018-07-23 16:00 – Updated: 2024-09-17 03:18
VLAI
Summary
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gist.github.com/shikadiqueen/45951ddc981c… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-23T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-22T01:05:34.780576",
"DATE_REQUESTED": "2018-07-21T05:38:45",
"ID": "CVE-2018-1999023",
"REQUESTER": "shadowm2006@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380",
"refsource": "CONFIRM",
"url": "https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1999023",
"datePublished": "2018-07-23T16:00:00.000Z",
"dateReserved": "2018-07-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:33.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5069 (GCVE-0-2015-5069)
Vulnerability from cvelistv5 – Published: 2017-09-26 14:00 – Updated: 2024-08-06 06:32
VLAI
Summary
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/wesnoth/wesnoth/releases/tag/1.13.1 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1236010 | x_refsource_CONFIRM |
| https://github.com/wesnoth/wesnoth/commit/f891446… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://gna.org/bugs/?23504 | x_refsource_MISC |
| http://www.securityfocus.com/bid/75424 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| https://github.com/wesnoth/wesnoth/releases/tag/1.12.3 | x_refsource_CONFIRM |
Date Public
2015-06-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1"
},
{
"name": "FEDORA-2015-10964",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d"
},
{
"name": "FEDORA-2015-10973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gna.org/bugs/?23504"
},
{
"name": "75424",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75424"
},
{
"name": "[oss-security] 20150625 Re: CVE request: Wesnoth authentication information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T13:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1"
},
{
"name": "FEDORA-2015-10964",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d"
},
{
"name": "FEDORA-2015-10973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gna.org/bugs/?23504"
},
{
"name": "75424",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75424"
},
{
"name": "[oss-security] 20150625 Re: CVE request: Wesnoth authentication information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1",
"refsource": "CONFIRM",
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1"
},
{
"name": "FEDORA-2015-10964",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010"
},
{
"name": "https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d",
"refsource": "CONFIRM",
"url": "https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d"
},
{
"name": "FEDORA-2015-10973",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html"
},
{
"name": "https://gna.org/bugs/?23504",
"refsource": "MISC",
"url": "https://gna.org/bugs/?23504"
},
{
"name": "75424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75424"
},
{
"name": "[oss-security] 20150625 Re: CVE request: Wesnoth authentication information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/12"
},
{
"name": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.3",
"refsource": "CONFIRM",
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5069",
"datePublished": "2017-09-26T14:00:00.000Z",
"dateReserved": "2015-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:32:32.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5070 (GCVE-0-2015-5070)
Vulnerability from cvelistv5 – Published: 2017-09-26 14:00 – Updated: 2024-08-06 06:32
VLAI
Summary
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75425 | vdb-entryx_refsource_BID |
| https://github.com/wesnoth/wesnoth/commit/b2738ff… | x_refsource_CONFIRM |
| https://github.com/wesnoth/wesnoth/releases/tag/1.13.1 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1236010 | x_refsource_CONFIRM |
| https://github.com/wesnoth/wesnoth/releases/tag/1.12.4 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://gna.org/bugs/?23504 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
Date Public
2015-06-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75425"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1"
},
{
"name": "FEDORA-2015-10964",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.4"
},
{
"name": "FEDORA-2015-10973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gna.org/bugs/?23504"
},
{
"name": "[oss-security] 20150625 Re: CVE request: Wesnoth authentication information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T13:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "75425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75425"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1"
},
{
"name": "FEDORA-2015-10964",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.4"
},
{
"name": "FEDORA-2015-10973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gna.org/bugs/?23504"
},
{
"name": "[oss-security] 20150625 Re: CVE request: Wesnoth authentication information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75425"
},
{
"name": "https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59",
"refsource": "CONFIRM",
"url": "https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59"
},
{
"name": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1",
"refsource": "CONFIRM",
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.13.1"
},
{
"name": "FEDORA-2015-10964",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1236010"
},
{
"name": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.4",
"refsource": "CONFIRM",
"url": "https://github.com/wesnoth/wesnoth/releases/tag/1.12.4"
},
{
"name": "FEDORA-2015-10973",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html"
},
{
"name": "https://gna.org/bugs/?23504",
"refsource": "MISC",
"url": "https://gna.org/bugs/?23504"
},
{
"name": "[oss-security] 20150625 Re: CVE request: Wesnoth authentication information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5070",
"datePublished": "2017-09-26T14:00:00.000Z",
"dateReserved": "2015-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:32:32.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0844 (GCVE-0-2015-0844)
Vulnerability from cvelistv5 – Published: 2015-04-14 18:00 – Updated: 2024-08-06 04:26
VLAI
Summary
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2015/dsa-3218 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://forums.wesnoth.org/viewtopic.php?t=41872 | x_refsource_CONFIRM |
| http://forums.wesnoth.org/viewtopic.php?t=41870 | x_refsource_CONFIRM |
Date Public
2015-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:10.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-6295",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html"
},
{
"name": "DSA-3218",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3218"
},
{
"name": "FEDORA-2015-6108",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html"
},
{
"name": "FEDORA-2015-6280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.wesnoth.org/viewtopic.php?t=41872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.wesnoth.org/viewtopic.php?t=41870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T20:57:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "FEDORA-2015-6295",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html"
},
{
"name": "DSA-3218",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3218"
},
{
"name": "FEDORA-2015-6108",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html"
},
{
"name": "FEDORA-2015-6280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.wesnoth.org/viewtopic.php?t=41872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.wesnoth.org/viewtopic.php?t=41870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-6295",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html"
},
{
"name": "DSA-3218",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3218"
},
{
"name": "FEDORA-2015-6108",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html"
},
{
"name": "FEDORA-2015-6280",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html"
},
{
"name": "http://forums.wesnoth.org/viewtopic.php?t=41872",
"refsource": "CONFIRM",
"url": "http://forums.wesnoth.org/viewtopic.php?t=41872"
},
{
"name": "http://forums.wesnoth.org/viewtopic.php?t=41870",
"refsource": "CONFIRM",
"url": "http://forums.wesnoth.org/viewtopic.php?t=41870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0844",
"datePublished": "2015-04-14T18:00:00.000Z",
"dateReserved": "2015-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:10.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0878 (GCVE-0-2009-0878)
Vulnerability from cvelistv5 – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
VLAI
Summary
The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://launchpad.net/bugs/336396 | x_refsource_CONFIRM |
| http://packages.debian.org/changelogs/pool/main/w… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packages.debian.org/changelogs/pool/main/w… | x_refsource_CONFIRM |
| http://svn.gna.org/viewcvs/wesnoth/trunk/src/terr… | x_refsource_CONFIRM |
| http://svn.gna.org/viewcvs/wesnoth/trunk/src/terr… | x_refsource_CONFIRM |
| https://gna.org/bugs/index.php?13031 | x_refsource_CONFIRM |
| http://launchpad.net/bugs/335089 | x_refsource_CONFIRM |
Date Public
2009-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/336396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"name": "wesnoth-readgamemap-dos(49294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49294"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?r2=32987\u0026rev=32987\u0026r1=31859\u0026dir_pagestart=200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?rev=33078\u0026dir_pagestart=200\u0026view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gna.org/bugs/index.php?13031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/335089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/336396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"name": "wesnoth-readgamemap-dos(49294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49294"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?r2=32987\u0026rev=32987\u0026r1=31859\u0026dir_pagestart=200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?rev=33078\u0026dir_pagestart=200\u0026view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gna.org/bugs/index.php?13031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/335089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://launchpad.net/bugs/336396",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/336396"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"name": "wesnoth-readgamemap-dos(49294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49294"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"name": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?r2=32987\u0026rev=32987\u0026r1=31859\u0026dir_pagestart=200",
"refsource": "CONFIRM",
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?r2=32987\u0026rev=32987\u0026r1=31859\u0026dir_pagestart=200"
},
{
"name": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?rev=33078\u0026dir_pagestart=200\u0026view=log",
"refsource": "CONFIRM",
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/terrain_translation.cpp?rev=33078\u0026dir_pagestart=200\u0026view=log"
},
{
"name": "https://gna.org/bugs/index.php?13031",
"refsource": "CONFIRM",
"url": "https://gna.org/bugs/index.php?13031"
},
{
"name": "http://launchpad.net/bugs/335089",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/335089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0878",
"datePublished": "2009-03-12T15:00:00.000Z",
"dateReserved": "2009-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:48:52.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0366 (GCVE-0-2009-0366)
Vulnerability from cvelistv5 – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:31
VLAI
Summary
The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://launchpad.net/bugs/336396 | x_refsource_CONFIRM |
| https://gna.org/bugs/index.php?13037 | x_refsource_CONFIRM |
| http://packages.debian.org/changelogs/pool/main/w… | x_refsource_CONFIRM |
| http://osvdb.org/52672 | vdb-entryx_refsource_OSVDB |
| http://svn.gna.org/viewcvs/wesnoth/trunk/src/serv… | x_refsource_CONFIRM |
| http://packages.debian.org/changelogs/pool/main/w… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/34085 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/34253 | third-party-advisoryx_refsource_SECUNIA |
| http://svn.gna.org/viewcvs/wesnoth/trunk/src/serv… | x_refsource_CONFIRM |
| http://launchpad.net/bugs/cve/2009-0366 | x_refsource_CONFIRM |
| http://secunia.com/advisories/34236 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2009/dsa-1737 | vendor-advisoryx_refsource_DEBIAN |
| http://launchpad.net/bugs/335089 | x_refsource_CONFIRM |
Date Public
2009-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/336396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gna.org/bugs/index.php?13037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"name": "52672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"name": "34085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34085"
},
{
"name": "34253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34253"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026r1=32990\u0026r2=33069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/cve/2009-0366"
},
{
"name": "34236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34236"
},
{
"name": "DSA-1737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/335089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-19T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/336396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gna.org/bugs/index.php?13037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"name": "52672",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"name": "34085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34085"
},
{
"name": "34253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34253"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026r1=32990\u0026r2=33069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/cve/2009-0366"
},
{
"name": "34236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34236"
},
{
"name": "DSA-1737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/335089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://launchpad.net/bugs/336396",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/336396"
},
{
"name": "https://gna.org/bugs/index.php?13037",
"refsource": "CONFIRM",
"url": "https://gna.org/bugs/index.php?13037"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"name": "52672",
"refsource": "OSVDB",
"url": "http://osvdb.org/52672"
},
{
"name": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026view=log",
"refsource": "CONFIRM",
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026view=log"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"name": "34085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34085"
},
{
"name": "34253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34253"
},
{
"name": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026r1=32990\u0026r2=33069",
"refsource": "CONFIRM",
"url": "http://svn.gna.org/viewcvs/wesnoth/trunk/src/server/simple_wml.cpp?rev=33069\u0026r1=32990\u0026r2=33069"
},
{
"name": "http://launchpad.net/bugs/cve/2009-0366",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/cve/2009-0366"
},
{
"name": "34236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34236"
},
{
"name": "DSA-1737",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1737"
},
{
"name": "http://launchpad.net/bugs/335089",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/335089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0366",
"datePublished": "2009-03-12T15:00:00.000Z",
"dateReserved": "2009-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:31:25.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0367 (GCVE-0-2009-0367)
Vulnerability from cvelistv5 – Published: 2009-03-05 02:00 – Updated: 2024-08-07 04:31
VLAI
Summary
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://launchpad.net/bugs/336396 | x_refsource_CONFIRM |
| http://packages.debian.org/changelogs/pool/main/w… | x_refsource_CONFIRM |
| https://gna.org/bugs/index.php?13048 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.wesnoth.org/forum/viewtopic.php?t=24340 | x_refsource_CONFIRM |
| http://packages.debian.org/changelogs/pool/main/w… | x_refsource_CONFIRM |
| http://www.wesnoth.org/forum/viewtopic.php?t=24247 | x_refsource_CONFIRM |
| http://secunia.com/advisories/34058 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2009/0595 | vdb-entryx_refsource_VUPEN |
| http://launchpad.net/bugs/cve/2009-0367 | x_refsource_CONFIRM |
| http://secunia.com/advisories/34236 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2009/dsa-1737 | vendor-advisoryx_refsource_DEBIAN |
| http://launchpad.net/bugs/335089 | x_refsource_CONFIRM |
Date Public
2009-02-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:26.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/336396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gna.org/bugs/index.php?13048"
},
{
"name": "wesnoth-pythonai-code-execution(49058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=24340"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=24247"
},
{
"name": "34058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34058"
},
{
"name": "ADV-2009-0595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0595"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/cve/2009-0367"
},
{
"name": "34236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34236"
},
{
"name": "DSA-1737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpad.net/bugs/335089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/336396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gna.org/bugs/index.php?13048"
},
{
"name": "wesnoth-pythonai-code-execution(49058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=24340"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=24247"
},
{
"name": "34058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34058"
},
{
"name": "ADV-2009-0595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0595"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/cve/2009-0367"
},
{
"name": "34236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34236"
},
{
"name": "DSA-1737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpad.net/bugs/335089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://launchpad.net/bugs/336396",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/336396"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog"
},
{
"name": "https://gna.org/bugs/index.php?13048",
"refsource": "CONFIRM",
"url": "https://gna.org/bugs/index.php?13048"
},
{
"name": "wesnoth-pythonai-code-execution(49058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49058"
},
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?t=24340",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=24340"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog"
},
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?t=24247",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=24247"
},
{
"name": "34058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34058"
},
{
"name": "ADV-2009-0595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0595"
},
{
"name": "http://launchpad.net/bugs/cve/2009-0367",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/cve/2009-0367"
},
{
"name": "34236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34236"
},
{
"name": "DSA-1737",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1737"
},
{
"name": "http://launchpad.net/bugs/335089",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/335089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0367",
"datePublished": "2009-03-05T02:00:00.000Z",
"dateReserved": "2009-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:31:26.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5742 (GCVE-0-2007-5742)
Vulnerability from cvelistv5 – Published: 2007-12-01 02:00 – Updated: 2024-08-07 15:39
VLAI
Summary
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://osvdb.org/41713 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/27920 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/27943 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/27786 | third-party-advisoryx_refsource_SECUNIA |
| http://www.wesnoth.org/forum/viewtopic.php?p=2642… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2007/4026 | vdb-entryx_refsource_VUPEN |
| http://www.wesnoth.org/forum/viewtopic.php?t=18844 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/26626 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2007/dsa-1421 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2007-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41713"
},
{
"name": "27920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27920"
},
{
"name": "FEDORA-2007-3989",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=557098"
},
{
"name": "27943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27943"
},
{
"name": "27786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289"
},
{
"name": "FEDORA-2007-3986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00004.html"
},
{
"name": "ADV-2007-4026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18844"
},
{
"name": "wesnoth-wml-directory-traversal(38752)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38752"
},
{
"name": "26626",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26626"
},
{
"name": "DSA-1421",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via \"..\" sequences in unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41713",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41713"
},
{
"name": "27920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27920"
},
{
"name": "FEDORA-2007-3989",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=557098"
},
{
"name": "27943",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27943"
},
{
"name": "27786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289"
},
{
"name": "FEDORA-2007-3986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00004.html"
},
{
"name": "ADV-2007-4026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18844"
},
{
"name": "wesnoth-wml-directory-traversal(38752)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38752"
},
{
"name": "26626",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26626"
},
{
"name": "DSA-1421",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via \"..\" sequences in unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41713",
"refsource": "OSVDB",
"url": "http://osvdb.org/41713"
},
{
"name": "27920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27920"
},
{
"name": "FEDORA-2007-3989",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00006.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=557098",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=557098"
},
{
"name": "27943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27943"
},
{
"name": "27786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27786"
},
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289"
},
{
"name": "FEDORA-2007-3986",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00004.html"
},
{
"name": "ADV-2007-4026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4026"
},
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?t=18844",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18844"
},
{
"name": "wesnoth-wml-directory-traversal(38752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38752"
},
{
"name": "26626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26626"
},
{
"name": "DSA-1421",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5742",
"datePublished": "2007-12-01T02:00:00.000Z",
"dateReserved": "2007-10-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:39:13.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6201 (GCVE-0-2007-6201)
Vulnerability from cvelistv5 – Published: 2007-12-01 02:00 – Updated: 2024-08-07 15:54
VLAI
Summary
Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/26625 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/27786 | third-party-advisoryx_refsource_SECUNIA |
| http://www.wesnoth.org/forum/viewtopic.php?p=2642… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/4026 | vdb-entryx_refsource_VUPEN |
| http://www.wesnoth.org/forum/viewtopic.php?t=18844 | x_refsource_CONFIRM |
Date Public
2007-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=557098"
},
{
"name": "26625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26625"
},
{
"name": "wesnoth-turncmd-dos(38751)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38751"
},
{
"name": "27786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289"
},
{
"name": "ADV-2007-4026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a \"faulty add-on\" and possibly execute other commands via unknown vectors related to the turn_cmd option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=557098"
},
{
"name": "26625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26625"
},
{
"name": "wesnoth-turncmd-dos(38751)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38751"
},
{
"name": "27786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289"
},
{
"name": "ADV-2007-4026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a \"faulty add-on\" and possibly execute other commands via unknown vectors related to the turn_cmd option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=557098",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=557098"
},
{
"name": "26625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26625"
},
{
"name": "wesnoth-turncmd-dos(38751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38751"
},
{
"name": "27786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27786"
},
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289"
},
{
"name": "ADV-2007-4026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4026"
},
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?t=18844",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6201",
"datePublished": "2007-12-01T02:00:00.000Z",
"dateReserved": "2007-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:54:27.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3917 (GCVE-0-2007-3917)
Vulnerability from cvelistv5 – Published: 2007-10-11 10:00 – Updated: 2024-08-07 14:37
VLAI
Summary
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.wesnoth.org/forum/viewtopic.php?p=256618 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=324841 | x_refsource_CONFIRM |
| http://www.wesnoth.org/forum/viewtopic.php?t=18188 | x_refsource_CONFIRM |
| http://osvdb.org/41711 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/25995 | vdb-entryx_refsource_BID |
| http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/cha… | x_refsource_CONFIRM |
| http://secunia.com/advisories/27218 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/27241 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2007/dsa-1386 | vendor-advisoryx_refsource_DEBIAN |
| http://www.vupen.com/english/advisories/2007/3449 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/27137 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=256618"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=324841"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18188"
},
{
"name": "41711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41711"
},
{
"name": "25995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982\u0026view=download"
},
{
"name": "27218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27218"
},
{
"name": "FEDORA-2007-2496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html"
},
{
"name": "wesnoth-utf8-dos(37047)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37047"
},
{
"name": "27241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27241"
},
{
"name": "DSA-1386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1386"
},
{
"name": "ADV-2007-3449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3449"
},
{
"name": "27137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=256618"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=324841"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18188"
},
{
"name": "41711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41711"
},
{
"name": "25995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982\u0026view=download"
},
{
"name": "27218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27218"
},
{
"name": "FEDORA-2007-2496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html"
},
{
"name": "wesnoth-utf8-dos(37047)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37047"
},
{
"name": "27241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27241"
},
{
"name": "DSA-1386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1386"
},
{
"name": "ADV-2007-3449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3449"
},
{
"name": "27137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?p=256618",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?p=256618"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=324841",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=324841"
},
{
"name": "http://www.wesnoth.org/forum/viewtopic.php?t=18188",
"refsource": "CONFIRM",
"url": "http://www.wesnoth.org/forum/viewtopic.php?t=18188"
},
{
"name": "41711",
"refsource": "OSVDB",
"url": "http://osvdb.org/41711"
},
{
"name": "25995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25995"
},
{
"name": "http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982\u0026view=download",
"refsource": "CONFIRM",
"url": "http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982\u0026view=download"
},
{
"name": "27218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27218"
},
{
"name": "FEDORA-2007-2496",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html"
},
{
"name": "wesnoth-utf8-dos(37047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37047"
},
{
"name": "27241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27241"
},
{
"name": "DSA-1386",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1386"
},
{
"name": "ADV-2007-3449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3449"
},
{
"name": "27137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3917",
"datePublished": "2007-10-11T10:00:00.000Z",
"dateReserved": "2007-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:05.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}