QwikSec

Security Database

CVE

CWE

Training

CVE-2007-3917

Published: Oct 11, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.wesnoth.org/forum/viewtopic.php?p=256618

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=324841

x_refsource_CONFIRM

http://www.wesnoth.org/forum/viewtopic.php?t=18188

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982&view=download

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

FEDORA-2007-2496

vendor-advisory

x_refsource_FEDORA

wesnoth-utf8-dos(37047)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.