5

CVE-2006-0047

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreecivFreeciv Version2.0.0
FreecivFreeciv Version2.0.1
FreecivFreeciv Version2.0.2
FreecivFreeciv Version2.0.3
FreecivFreeciv Version2.0.4
FreecivFreeciv Version2.0.5
FreecivFreeciv Version2.0.6
FreecivFreeciv Version2.0.7
FreecivFreeciv Version2.0.7a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.7% 0.938
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211
http://secunia.com/advisories/19120
Patch
Vendor Advisory
http://secunia.com/advisories/19227
Vendor Advisory
http://secunia.com/advisories/19253
Vendor Advisory
http://www.debian.org/security/2006/dsa-994
http://www.gentoo.org/security/en/glsa/glsa-200603-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:053
http://www.securityfocus.com/archive/1/426866/100/0/threaded
http://www.securityfocus.com/bid/16975
Patch
http://www.vupen.com/english/advisories/2006/0838
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25166