Lucene search

[email protected]CVE-2007-3917

HistoryOct 11, 2007 - 10:17 a.m.

CVE-2007-3917

2007-10-1110:17:00

CWE-134

[email protected]

web.nvd.nist.gov

wesnoth

multiplayer

denial of service

cve-2007-3917

security vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.2 Medium

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.9%

JSON

The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.

Affected configurations

NVD

Node

wesnothwesnothMatch1.2

wesnothwesnothMatch1.2.1

wesnothwesnothMatch1.2.2

wesnothwesnothMatch1.2.3

wesnothwesnothMatch1.2.4

wesnothwesnothMatch1.2.5

wesnothwesnothMatch1.2.6

wesnothwesnothMatch1.3.1

wesnothwesnothMatch1.3.2

wesnothwesnothMatch1.3.3

wesnothwesnothMatch1.3.4

wesnothwesnothMatch1.3.5

wesnothwesnothMatch1.3.6

wesnothwesnothMatch1.3.7

wesnothwesnothMatch1.3.8

CPENameOperatorVersion
wesnoth:wesnothwesnotheq1.2
wesnoth:wesnothwesnotheq1.2.1
wesnoth:wesnothwesnotheq1.2.2
wesnoth:wesnothwesnotheq1.2.3
wesnoth:wesnothwesnotheq1.2.4
wesnoth:wesnothwesnotheq1.2.5
wesnoth:wesnothwesnotheq1.2.6
wesnoth:wesnothwesnotheq1.3.1
wesnoth:wesnothwesnotheq1.3.2
wesnoth:wesnothwesnotheq1.3.3

CPE	Name	Operator	Version
wesnoth:wesnoth	wesnoth	eq	1.2
wesnoth:wesnoth	wesnoth	eq	1.2.1
wesnoth:wesnoth	wesnoth	eq	1.2.2
wesnoth:wesnoth	wesnoth	eq	1.2.3
wesnoth:wesnoth	wesnoth	eq	1.2.4
wesnoth:wesnoth	wesnoth	eq	1.2.5
wesnoth:wesnoth	wesnoth	eq	1.2.6
wesnoth:wesnoth	wesnoth	eq	1.3.1
wesnoth:wesnoth	wesnoth	eq	1.3.2
wesnoth:wesnoth	wesnoth	eq	1.3.3