denial of service in wesnoth client and server prior 1.2.7 release
Bug #158414 reported by
Emilio Pozuelo Monfort
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wesnoth (Ubuntu) |
Fix Released
|
High
|
Emilio Pozuelo Monfort | ||
Dapper |
Fix Released
|
Low
|
Stephan Rügamer | ||
Edgy |
Fix Released
|
Low
|
Stephan Rügamer | ||
Feisty |
Fix Released
|
Low
|
Unassigned | ||
Gutsy |
Fix Released
|
Low
|
Kees Cook |
Bug Description
Binary package hint: wesnoth
The multiplayer engine in Wesnoth before 1.2.7 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp.
CVE References
Changed in wesnoth: | |
assignee: | nobody → shermann |
status: | Triaged → In Progress |
assignee: | nobody → shermann |
status: | Triaged → In Progress |
Changed in wesnoth: | |
status: | In Progress → Fix Released |
status: | In Progress → Fix Released |
To post a comment you must log in.
I'm working on this.