Use of Externally-Controlled Format String

CVE-2007-3917

High

7.8/10

Summary

The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: COMPLETE

CWE-134 - Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

Advisory Timeline

Published Oct 11, 2007

Use of Externally-Controlled Format String

CVE-2007-3917

Summary

CWE-134 - Use of Externally-Controlled Format String

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS