Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Dec 2012 09:13:44 -0500 (EST)
From: Jan Lieskovsky <>
Cc: "Steven M. Christey" <>
Subject: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or
 excessive CPU consumption) via malformed network packets

Hello Kurt, Steve, vendors,

  Freeciv upstream has released 2.3.3 version correcting one
security issue:

A denial of service flaw was found in the way the server component
of Freeciv, a turn-based, multi-player, X based strategy game,
processed certain packets (invalid packets with whole packet length
lower than packet header size or syntactically valid packets, but
whose processing would lead to an infinite loop). A remote attacker
could send a specially-crafted packet that, when processed would lead
to freeciv server to terminate (due to memory exhaustion) or become
unresponsive (due to excessive CPU use).


Upstream bug report:

Relevant patch (against trunk):

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.