MidnightBSD

Advisories for freeciv

CVE-2006-0047 MEDIUM

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-399,

Products Affected

Vendor Product Version
freeciv freeciv 2.0.1
freeciv freeciv 2.0.7a
freeciv freeciv 2.0.3
freeciv freeciv 2.0.4
freeciv freeciv 2.0.5
freeciv freeciv 2.0.0
freeciv freeciv 2.0.6
freeciv freeciv 2.0.2
freeciv freeciv 2.0.7
CVE-2010-2445 HIGH

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
freeciv freeciv 2.3.0
freeciv freeciv 2.2.0
CVE-2012-6083 HIGH

Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
freeciv freeciv *
CVE-2022-39047

Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
freeciv freeciv *