oss-sec mailing list archives

CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 18 Dec 2012 09:13:44 -0500 (EST)

Hello Kurt, Steve, vendors,

  Freeciv upstream has released 2.3.3 version correcting one
security issue:

A denial of service flaw was found in the way the server component
of Freeciv, a turn-based, multi-player, X based strategy game,
processed certain packets (invalid packets with whole packet length
lower than packet header size or syntactically valid packets, but
whose processing would lead to an infinite loop). A remote attacker
could send a specially-crafted packet that, when processed would lead
to freeciv server to terminate (due to memory exhaustion) or become
unresponsive (due to excessive CPU use).

References:
[1] http://aluigi.altervista.org/adv/freecivet-adv.txt
[2] https://bugs.gentoo.org/show_bug.cgi?id=447490
[3] http://freeciv.wikia.com/wiki/NEWS-2.3.3
[4] https://bugzilla.redhat.com/show_bug.cgi?id=888331

Upstream bug report:
[5] http://gna.org/bugs/?20003

Relevant patch (against trunk):
[6] http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Jan Lieskovsky (Dec 18)
- Re: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Kurt Seifried (Dec 18)