Vulnerability-Lookup

CVE-2026-33250 (GCVE-0-2026-33250)

Vulnerability from cvelistv5 – Published: 2026-03-23 23:38 – Updated: 2026-03-24 13:36

Title

Crash when receiving specially-crafted packets

Summary

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation
CWE-121 - Stack-based Buffer Overflow

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	longturn	freeciv21	Affected: < 3.1.1

OPENSUSE-SU-2026:20423-1

Vulnerability from csaf_opensuse - Published: 2026-03-23 15:34 - Updated: 2026-03-23 15:34

Summary

Security update for freeciv

Severity

Moderate

Notes

Title of the patch: Security update for freeciv

Description of the patch: This update for freeciv fixes the following issues: Changes in freeciv: - freeciv 3.2.4: * CVE-2026-33250: Fix a vulnerability allowing remote crashing of the server (boo#1260036) * SDL2 client: Fix crash on selecting nation style or nation - includes changes from version 3.2.3: * Restore server to sane state after savegame loading failures * Assert unit goto tile validity rather than outright crashing * Improvements to AI players * Client UI tweaks and bug fixes * translation updates - freeciv 3.2.2, a compatible general bugfix release: * Fix backward compatibility in loading unit actions from a savegame * Fix crashes after continuing game from a savegame * Fix an error after player is added mid-game * Fix various crashes in client, and client UI tweaks - freeciv 3.2.1, a compatible general bugfix release: * Fixes for units carrying goods * Fix no city being considered capital for a turn after savegame loading * Corrected what situations make it impossible to airlift a unit * Fix culture victory with very high values of culture * Client UI and crash fixes

Patchnames: openSUSE-Leap-16.0-packagehub-175

CVE-2026-33250

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/o…	self
	https://bugzilla.suse.com/1248258	self
	https://bugzilla.suse.com/1260036	self
	https://www.suse.com/security/cve/CVE-2026-33250/	self
	https://www.suse.com/security/cve/CVE-2026-33250	external
	https://bugzilla.suse.com/1260036	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for freeciv",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for freeciv fixes the following issues:\n\nChanges in freeciv:\n\n- freeciv 3.2.4:\n  * CVE-2026-33250: Fix a vulnerability allowing remote crashing\n    of the server (boo#1260036)\n  * SDL2 client: Fix crash on selecting nation style or nation\n- includes changes from version 3.2.3:\n  * Restore server to sane state after savegame loading failures\n  * Assert unit goto tile validity rather than outright crashing\n  * Improvements to AI players\n  * Client UI tweaks and bug fixes\n  * translation updates\n\n- freeciv 3.2.2, a compatible general bugfix release:\n  * Fix backward compatibility in loading unit actions from a savegame\n  * Fix crashes after continuing game from a savegame\n  * Fix an error after player is added mid-game\n  * Fix various crashes in client, and client UI tweaks\n\n- freeciv 3.2.1, a compatible general bugfix release:\n  * Fixes for units carrying goods\n  * Fix no city being considered capital for a turn after savegame\n    loading\n  * Corrected what situations make it impossible to airlift a unit\n  * Fix culture victory with very high values of culture\n  * Client UI and crash fixes\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-packagehub-175",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20423-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1248258",
        "url": "https://bugzilla.suse.com/1248258"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260036",
        "url": "https://bugzilla.suse.com/1260036"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-33250 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-33250/"
      }
    ],
    "title": "Security update for freeciv",
    "tracking": {
      "current_release_date": "2026-03-23T15:34:35Z",
      "generator": {
        "date": "2026-03-23T15:34:35Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:20423-1",
      "initial_release_date": "2026-03-23T15:34:35Z",
      "revision_history": [
        {
          "date": "2026-03-23T15:34:35Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-bp160.1.1.aarch64",
                "product": {
                  "name": "freeciv-3.2.4-bp160.1.1.aarch64",
                  "product_id": "freeciv-3.2.4-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-bp160.1.1.aarch64",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-bp160.1.1.aarch64",
                  "product_id": "freeciv-gtk3-3.2.4-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-bp160.1.1.aarch64",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-bp160.1.1.aarch64",
                  "product_id": "freeciv-gtk4-3.2.4-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-bp160.1.1.aarch64",
                "product": {
                  "name": "freeciv-qt-3.2.4-bp160.1.1.aarch64",
                  "product_id": "freeciv-qt-3.2.4-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-bp160.1.1.aarch64",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-bp160.1.1.aarch64",
                  "product_id": "freeciv-sdl2-3.2.4-bp160.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-lang-3.2.4-bp160.1.1.noarch",
                "product": {
                  "name": "freeciv-lang-3.2.4-bp160.1.1.noarch",
                  "product_id": "freeciv-lang-3.2.4-bp160.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "freeciv-3.2.4-bp160.1.1.ppc64le",
                  "product_id": "freeciv-3.2.4-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-bp160.1.1.ppc64le",
                  "product_id": "freeciv-gtk3-3.2.4-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-bp160.1.1.ppc64le",
                  "product_id": "freeciv-gtk4-3.2.4-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "freeciv-qt-3.2.4-bp160.1.1.ppc64le",
                  "product_id": "freeciv-qt-3.2.4-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-bp160.1.1.ppc64le",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-bp160.1.1.ppc64le",
                  "product_id": "freeciv-sdl2-3.2.4-bp160.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-bp160.1.1.s390x",
                "product": {
                  "name": "freeciv-3.2.4-bp160.1.1.s390x",
                  "product_id": "freeciv-3.2.4-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-bp160.1.1.s390x",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-bp160.1.1.s390x",
                  "product_id": "freeciv-gtk3-3.2.4-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-bp160.1.1.s390x",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-bp160.1.1.s390x",
                  "product_id": "freeciv-gtk4-3.2.4-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-bp160.1.1.s390x",
                "product": {
                  "name": "freeciv-qt-3.2.4-bp160.1.1.s390x",
                  "product_id": "freeciv-qt-3.2.4-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-bp160.1.1.s390x",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-bp160.1.1.s390x",
                  "product_id": "freeciv-sdl2-3.2.4-bp160.1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-bp160.1.1.x86_64",
                "product": {
                  "name": "freeciv-3.2.4-bp160.1.1.x86_64",
                  "product_id": "freeciv-3.2.4-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-bp160.1.1.x86_64",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-bp160.1.1.x86_64",
                  "product_id": "freeciv-gtk3-3.2.4-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-bp160.1.1.x86_64",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-bp160.1.1.x86_64",
                  "product_id": "freeciv-gtk4-3.2.4-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-bp160.1.1.x86_64",
                "product": {
                  "name": "freeciv-qt-3.2.4-bp160.1.1.x86_64",
                  "product_id": "freeciv-qt-3.2.4-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-bp160.1.1.x86_64",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-bp160.1.1.x86_64",
                  "product_id": "freeciv-sdl2-3.2.4-bp160.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.aarch64"
        },
        "product_reference": "freeciv-3.2.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.ppc64le"
        },
        "product_reference": "freeciv-3.2.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.s390x"
        },
        "product_reference": "freeciv-3.2.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.x86_64"
        },
        "product_reference": "freeciv-3.2.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.aarch64"
        },
        "product_reference": "freeciv-gtk3-3.2.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.ppc64le"
        },
        "product_reference": "freeciv-gtk3-3.2.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.s390x"
        },
        "product_reference": "freeciv-gtk3-3.2.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.x86_64"
        },
        "product_reference": "freeciv-gtk3-3.2.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.aarch64"
        },
        "product_reference": "freeciv-gtk4-3.2.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.ppc64le"
        },
        "product_reference": "freeciv-gtk4-3.2.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.s390x"
        },
        "product_reference": "freeciv-gtk4-3.2.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.x86_64"
        },
        "product_reference": "freeciv-gtk4-3.2.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-lang-3.2.4-bp160.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-lang-3.2.4-bp160.1.1.noarch"
        },
        "product_reference": "freeciv-lang-3.2.4-bp160.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.aarch64"
        },
        "product_reference": "freeciv-qt-3.2.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.ppc64le"
        },
        "product_reference": "freeciv-qt-3.2.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.s390x"
        },
        "product_reference": "freeciv-qt-3.2.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.x86_64"
        },
        "product_reference": "freeciv-qt-3.2.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.aarch64"
        },
        "product_reference": "freeciv-sdl2-3.2.4-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.ppc64le"
        },
        "product_reference": "freeciv-sdl2-3.2.4-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.s390x"
        },
        "product_reference": "freeciv-sdl2-3.2.4-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.x86_64"
        },
        "product_reference": "freeciv-sdl2-3.2.4-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33250",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-33250"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player\u0027s machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:freeciv-lang-3.2.4-bp160.1.1.noarch",
          "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.s390x",
          "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-33250",
          "url": "https://www.suse.com/security/cve/CVE-2026-33250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260036 for CVE-2026-33250",
          "url": "https://bugzilla.suse.com/1260036"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:freeciv-3.2.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:freeciv-gtk3-3.2.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:freeciv-gtk4-3.2.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:freeciv-lang-3.2.4-bp160.1.1.noarch",
            "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:freeciv-qt-3.2.4-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.s390x",
            "openSUSE Leap 16.0:freeciv-sdl2-3.2.4-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-23T15:34:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-33250"
    }
  ]
}

OPENSUSE-SU-2026:10401-1

Vulnerability from csaf_opensuse - Published: 2026-03-22 00:00 - Updated: 2026-03-22 00:00

Summary

freeciv-3.2.4-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: freeciv-3.2.4-1.1 on GA media

Description of the patch: These are all security issues fixed in the freeciv-3.2.4-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10401

CVE-2026-33250

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/o…	self
	https://www.suse.com/security/cve/CVE-2026-33250/	self
	https://www.suse.com/security/cve/CVE-2026-33250	external
	https://bugzilla.suse.com/1260036	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "freeciv-3.2.4-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the freeciv-3.2.4-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10401",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10401-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-33250 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-33250/"
      }
    ],
    "title": "freeciv-3.2.4-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-03-22T00:00:00Z",
      "generator": {
        "date": "2026-03-22T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10401-1",
      "initial_release_date": "2026-03-22T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-03-22T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-1.1.aarch64",
                "product": {
                  "name": "freeciv-3.2.4-1.1.aarch64",
                  "product_id": "freeciv-3.2.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-1.1.aarch64",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-1.1.aarch64",
                  "product_id": "freeciv-gtk3-3.2.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-1.1.aarch64",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-1.1.aarch64",
                  "product_id": "freeciv-gtk4-3.2.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-lang-3.2.4-1.1.aarch64",
                "product": {
                  "name": "freeciv-lang-3.2.4-1.1.aarch64",
                  "product_id": "freeciv-lang-3.2.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-1.1.aarch64",
                "product": {
                  "name": "freeciv-qt-3.2.4-1.1.aarch64",
                  "product_id": "freeciv-qt-3.2.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-1.1.aarch64",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-1.1.aarch64",
                  "product_id": "freeciv-sdl2-3.2.4-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-1.1.ppc64le",
                "product": {
                  "name": "freeciv-3.2.4-1.1.ppc64le",
                  "product_id": "freeciv-3.2.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-1.1.ppc64le",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-1.1.ppc64le",
                  "product_id": "freeciv-gtk3-3.2.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-1.1.ppc64le",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-1.1.ppc64le",
                  "product_id": "freeciv-gtk4-3.2.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-lang-3.2.4-1.1.ppc64le",
                "product": {
                  "name": "freeciv-lang-3.2.4-1.1.ppc64le",
                  "product_id": "freeciv-lang-3.2.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-1.1.ppc64le",
                "product": {
                  "name": "freeciv-qt-3.2.4-1.1.ppc64le",
                  "product_id": "freeciv-qt-3.2.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-1.1.ppc64le",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-1.1.ppc64le",
                  "product_id": "freeciv-sdl2-3.2.4-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-1.1.s390x",
                "product": {
                  "name": "freeciv-3.2.4-1.1.s390x",
                  "product_id": "freeciv-3.2.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-1.1.s390x",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-1.1.s390x",
                  "product_id": "freeciv-gtk3-3.2.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-1.1.s390x",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-1.1.s390x",
                  "product_id": "freeciv-gtk4-3.2.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-lang-3.2.4-1.1.s390x",
                "product": {
                  "name": "freeciv-lang-3.2.4-1.1.s390x",
                  "product_id": "freeciv-lang-3.2.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-1.1.s390x",
                "product": {
                  "name": "freeciv-qt-3.2.4-1.1.s390x",
                  "product_id": "freeciv-qt-3.2.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-1.1.s390x",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-1.1.s390x",
                  "product_id": "freeciv-sdl2-3.2.4-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeciv-3.2.4-1.1.x86_64",
                "product": {
                  "name": "freeciv-3.2.4-1.1.x86_64",
                  "product_id": "freeciv-3.2.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk3-3.2.4-1.1.x86_64",
                "product": {
                  "name": "freeciv-gtk3-3.2.4-1.1.x86_64",
                  "product_id": "freeciv-gtk3-3.2.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-gtk4-3.2.4-1.1.x86_64",
                "product": {
                  "name": "freeciv-gtk4-3.2.4-1.1.x86_64",
                  "product_id": "freeciv-gtk4-3.2.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-lang-3.2.4-1.1.x86_64",
                "product": {
                  "name": "freeciv-lang-3.2.4-1.1.x86_64",
                  "product_id": "freeciv-lang-3.2.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-qt-3.2.4-1.1.x86_64",
                "product": {
                  "name": "freeciv-qt-3.2.4-1.1.x86_64",
                  "product_id": "freeciv-qt-3.2.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "freeciv-sdl2-3.2.4-1.1.x86_64",
                "product": {
                  "name": "freeciv-sdl2-3.2.4-1.1.x86_64",
                  "product_id": "freeciv-sdl2-3.2.4-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-3.2.4-1.1.aarch64"
        },
        "product_reference": "freeciv-3.2.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-3.2.4-1.1.ppc64le"
        },
        "product_reference": "freeciv-3.2.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-3.2.4-1.1.s390x"
        },
        "product_reference": "freeciv-3.2.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-3.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-3.2.4-1.1.x86_64"
        },
        "product_reference": "freeciv-3.2.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.aarch64"
        },
        "product_reference": "freeciv-gtk3-3.2.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.ppc64le"
        },
        "product_reference": "freeciv-gtk3-3.2.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.s390x"
        },
        "product_reference": "freeciv-gtk3-3.2.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk3-3.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.x86_64"
        },
        "product_reference": "freeciv-gtk3-3.2.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.aarch64"
        },
        "product_reference": "freeciv-gtk4-3.2.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.ppc64le"
        },
        "product_reference": "freeciv-gtk4-3.2.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.s390x"
        },
        "product_reference": "freeciv-gtk4-3.2.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-gtk4-3.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.x86_64"
        },
        "product_reference": "freeciv-gtk4-3.2.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-lang-3.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.aarch64"
        },
        "product_reference": "freeciv-lang-3.2.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-lang-3.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.ppc64le"
        },
        "product_reference": "freeciv-lang-3.2.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-lang-3.2.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.s390x"
        },
        "product_reference": "freeciv-lang-3.2.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-lang-3.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.x86_64"
        },
        "product_reference": "freeciv-lang-3.2.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.aarch64"
        },
        "product_reference": "freeciv-qt-3.2.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.ppc64le"
        },
        "product_reference": "freeciv-qt-3.2.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.s390x"
        },
        "product_reference": "freeciv-qt-3.2.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-qt-3.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.x86_64"
        },
        "product_reference": "freeciv-qt-3.2.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.aarch64"
        },
        "product_reference": "freeciv-sdl2-3.2.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.ppc64le"
        },
        "product_reference": "freeciv-sdl2-3.2.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.s390x"
        },
        "product_reference": "freeciv-sdl2-3.2.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeciv-sdl2-3.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.x86_64"
        },
        "product_reference": "freeciv-sdl2-3.2.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33250",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-33250"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:freeciv-3.2.4-1.1.aarch64",
          "openSUSE Tumbleweed:freeciv-3.2.4-1.1.ppc64le",
          "openSUSE Tumbleweed:freeciv-3.2.4-1.1.s390x",
          "openSUSE Tumbleweed:freeciv-3.2.4-1.1.x86_64",
          "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.aarch64",
          "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.ppc64le",
          "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.s390x",
          "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.x86_64",
          "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.aarch64",
          "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.ppc64le",
          "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.s390x",
          "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.x86_64",
          "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.aarch64",
          "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.ppc64le",
          "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.s390x",
          "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.x86_64",
          "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.aarch64",
          "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.ppc64le",
          "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.s390x",
          "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.x86_64",
          "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.aarch64",
          "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.ppc64le",
          "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.s390x",
          "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-33250",
          "url": "https://www.suse.com/security/cve/CVE-2026-33250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260036 for CVE-2026-33250",
          "url": "https://bugzilla.suse.com/1260036"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:freeciv-3.2.4-1.1.aarch64",
            "openSUSE Tumbleweed:freeciv-3.2.4-1.1.ppc64le",
            "openSUSE Tumbleweed:freeciv-3.2.4-1.1.s390x",
            "openSUSE Tumbleweed:freeciv-3.2.4-1.1.x86_64",
            "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.aarch64",
            "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.ppc64le",
            "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.s390x",
            "openSUSE Tumbleweed:freeciv-gtk3-3.2.4-1.1.x86_64",
            "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.aarch64",
            "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.ppc64le",
            "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.s390x",
            "openSUSE Tumbleweed:freeciv-gtk4-3.2.4-1.1.x86_64",
            "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.aarch64",
            "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.ppc64le",
            "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.s390x",
            "openSUSE Tumbleweed:freeciv-lang-3.2.4-1.1.x86_64",
            "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.aarch64",
            "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.ppc64le",
            "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.s390x",
            "openSUSE Tumbleweed:freeciv-qt-3.2.4-1.1.x86_64",
            "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.aarch64",
            "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.ppc64le",
            "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.s390x",
            "openSUSE Tumbleweed:freeciv-sdl2-3.2.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-22T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-33250"
    }
  ]
}

FKIE_CVE-2026-33250

Vulnerability from fkie_nvd - Published: 2026-03-24 00:16 - Updated: 2026-03-24 15:53

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/longturn/freeciv21/commit/ad8e18ca22595529599782b2984bf44df8d69ed6
	security-advisories@github.com	https://github.com/longturn/freeciv21/releases/tag/v3.1.1
	security-advisories@github.com	https://github.com/longturn/freeciv21/security/advisories/GHSA-f76g-6w3f-f6r3
	security-advisories@github.com	https://redmine.freeciv.org/issues/1955

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player\u0027s machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected."
    },
    {
      "lang": "es",
      "value": "Freeciv21 es un juego de estrategia gratuito de c\u00f3digo abierto, por turnos, de construcci\u00f3n de imperios. Las versiones anteriores a la 3.1.1 fallan con un desbordamiento de pila al recibir paquetes especialmente dise\u00f1ados. Un atacante remoto puede usar esto para derribar cualquier servidor p\u00fablico. Un servidor malicioso puede usar esto para bloquear el juego en la m\u00e1quina del jugador. No se necesita autenticaci\u00f3n y, por defecto, los registros no contienen ninguna informaci\u00f3n \u00fatil. Todos los usuarios deber\u00edan actualizar a la versi\u00f3n 3.1.1 de Freeciv21. Ejecutar el servidor detr\u00e1s de un cortafuegos puede ayudar a mitigar el problema para servidores no p\u00fablicos. Para juegos locales, Freeciv21 restringe las conexiones al usuario actual y por lo tanto no se ve afectado."
    }
  ],
  "id": "CVE-2026-33250",
  "lastModified": "2026-03-24T15:53:48.067",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-24T00:16:29.830",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/longturn/freeciv21/commit/ad8e18ca22595529599782b2984bf44df8d69ed6"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/longturn/freeciv21/releases/tag/v3.1.1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/longturn/freeciv21/security/advisories/GHSA-f76g-6w3f-f6r3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://redmine.freeciv.org/issues/1955"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33250 (GCVE-0-2026-33250)

OPENSUSE-SU-2026:20423-1

OPENSUSE-SU-2026:10401-1

FKIE_CVE-2026-33250

Tags

Sightings

Nomenclature