CVE-2007-3917

Published: Oct 11, 2007Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.

Affected (15)

Products: Wesnoth: Wesnoth

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Wesnoth Wesnoth	Version 1.2.1
Wesnoth Wesnoth	Version 1.2.2
Wesnoth Wesnoth	Version 1.2.3
Wesnoth Wesnoth	Version 1.2.4
Wesnoth Wesnoth	Version 1.2.5
Wesnoth Wesnoth	Version 1.2.6
Wesnoth Wesnoth	Version 1.2
Wesnoth Wesnoth	Version 1.3.1
Wesnoth Wesnoth	Version 1.3.2
Wesnoth Wesnoth	Version 1.3.3
Wesnoth Wesnoth	Version 1.3.4
Wesnoth Wesnoth	Version 1.3.5
Wesnoth Wesnoth	Version 1.3.6
Wesnoth Wesnoth	Version 1.3.7
Wesnoth Wesnoth	Version 1.3.8

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (26)

http://osvdb.org/41711

Source: cve@mitre.org

http://secunia.com/advisories/27137

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27218

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27241

Source: cve@mitre.org

Vendor Advisory

http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982&view=download

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1386

Source: cve@mitre.org

http://www.securityfocus.com/bid/25995

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3449

Source: cve@mitre.org

Vendor Advisory

http://www.wesnoth.org/forum/viewtopic.php?p=256618

Source: cve@mitre.org

http://www.wesnoth.org/forum/viewtopic.php?t=18188

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=324841

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/37047

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html

Source: cve@mitre.org

http://osvdb.org/41711

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27137

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27218

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27241

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982&view=download

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1386

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25995

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3449

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.wesnoth.org/forum/viewtopic.php?p=256618

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wesnoth.org/forum/viewtopic.php?t=18188

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=324841

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/37047

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.