oss-security - Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Fri, 5 Aug 2022 02:17:51 +0300
From: Marko Lindqvist <cazfi74@...il.com>
To: oss-security@...ts.openwall.com
Subject: Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow

 Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in
Modpack Installer utility's handling of the modpack URL. Specially
crafted URLs, without any '/' -characters would result in an
underflowing length (unsigned)(-1) string copy, i.e., all of the
NULL-terminated string given as "URL" would get written beyond the
buffer reserved for it.

 Freeciv source tarballs are available from
https://www.freeciv.org/download.html for current 3.0, and from
https://www.freeciv.org/wiki/Old_downloads for 2.6.

 In case you can't make full version update at the moment, bug tracker
ticket has also a patch for this single issue attached:
https://osdn.net/projects/freeciv/ticket/45299

 - ML

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.