Date: Tue, 18 Dec 2012 09:13:44 -0500 (EST)
From: Jan Lieskovsky <>
Cc: "Steven M. Christey" <>
Subject: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or
 excessive CPU consumption) via malformed network packets

Hello Kurt, Steve, vendors,

  Freeciv upstream has released version 2.3.3, correcting one
security issue:

A denial of service flaw was found in the way the server component
of Freeciv, a turn-based, multi-player, X-based strategy game,
processed certain packets (invalid packets with whole packet length
lower than packet header size, or syntactically valid packets
whose processing would lead to an infinite loop). A remote attacker
could send a specially-crafted packet that, when processed, would cause
the Freeciv server to terminate (due to memory exhaustion) or become
unresponsive (due to excessive CPU use).


Upstream bug report:

Relevant patch (against trunk):

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
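
An added example, not part of the original message and not Freeciv's code: a length-prefixed packet framer that rejects a declared length smaller than the header before using it, the first malformed-packet case described above. The 3-byte header layout, `MAX_PACKET`, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (illustrative): 2-byte big-endian total length, header
 * included, followed by a 1-byte packet type. */
#define HDR_SIZE 3u
#define MAX_PACKET 4096u /* hypothetical upper bound on one packet */

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_INVALID };

/* Inspect the first packet in buf[0..avail). On FRAME_OK, *total is the
 * number of bytes to consume and *body_len the payload size. */
enum frame_status next_frame(const uint8_t *buf, size_t avail,
                             size_t *total, size_t *body_len)
{
    if (avail < HDR_SIZE)
        return FRAME_NEED_MORE; /* header not complete yet */
    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    /* In this parser, a declared length below HDR_SIZE would make
     * declared - HDR_SIZE wrap to a huge size_t, and a declared length
     * of zero would never advance the read offset. Reject both here. */
    if (declared < HDR_SIZE || declared > MAX_PACKET)
        return FRAME_INVALID;
    if (avail < declared)
        return FRAME_NEED_MORE; /* body not fully received */
    *total = declared;
    *body_len = declared - HDR_SIZE;
    return FRAME_OK;
}

/* Count well-formed packets in a buffer. Returns -1 on a malformed packet
 * so the caller can drop the connection; each pass advances >= HDR_SIZE. */
int count_frames(const uint8_t *buf, size_t len)
{
    size_t off = 0, total = 0, body = 0;
    int n = 0;
    while (off < len) {
        enum frame_status st = next_frame(buf + off, len - off, &total, &body);
        if (st == FRAME_INVALID) return -1;
        if (st == FRAME_NEED_MORE) break;
        off += total;
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed sample: one valid 4-byte packet, then a declared length of 2. */
    const uint8_t sample[] = { 0x00, 0x04, 0x01, 0xAA, 0x00, 0x02, 0x01 };
    printf("%d\n", count_frames(sample, sizeof sample));
    return 0;
}
```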
