CVE-2007-3917

2007-10-1100:00:00

ubuntu.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.029 Low

EPSS

Percentile

90.9%

JSON

The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9
allows remote servers to cause a denial of service (crash) via a long
message with multibyte characters that can produce an invalid UTF-8 string
after it is truncated, which triggers an uncaught exception, involving the
truncate_message function in server/server.cpp. NOTE: this issue affects
both clients and servers.

Bugs

<https://bugs.launchpad.net/ubuntu/gutsy/+source/wesnoth/+bug/173881>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchwesnoth< 1.1+reverted+to+1.0.2-0ubuntu1.2UNKNOWN
ubuntu6.10noarchwesnoth< 1.1.8-1ubuntu0.2UNKNOWN
ubuntu7.04noarchwesnoth< 1.2.3-0ubuntu1.1UNKNOWN
ubuntu7.10noarchwesnoth< 1.2.6-1ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	wesnoth	< 1.1+reverted+to+1.0.2-0ubuntu1.2	UNKNOWN
ubuntu	6.10	noarch	wesnoth	< 1.1.8-1ubuntu0.2	UNKNOWN
ubuntu	7.04	noarch	wesnoth	< 1.2.3-0ubuntu1.1	UNKNOWN
ubuntu	7.10	noarch	wesnoth	< 1.2.6-1ubuntu2.1	UNKNOWN