FKIE_CVE-2007-3917

Vulnerability from fkie_nvd - Published: 2007-10-11 10:17 - Updated: 2025-04-09 00:30
Summary
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.
References
cve@mitre.org http://osvdb.org/41711
cve@mitre.org http://secunia.com/advisories/27137 (Vendor Advisory)
cve@mitre.org http://secunia.com/advisories/27218 (Vendor Advisory)
cve@mitre.org http://secunia.com/advisories/27241 (Vendor Advisory)
cve@mitre.org http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982&view=download
cve@mitre.org http://www.debian.org/security/2007/dsa-1386
cve@mitre.org http://www.securityfocus.com/bid/25995
cve@mitre.org http://www.vupen.com/english/advisories/2007/3449 (Vendor Advisory)
cve@mitre.org http://www.wesnoth.org/forum/viewtopic.php?p=256618
cve@mitre.org http://www.wesnoth.org/forum/viewtopic.php?t=18188
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=324841
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/37047
cve@mitre.org https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/41711
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/27137 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/27218 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/27241 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982&view=download
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2007/dsa-1386
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/25995
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/3449 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.wesnoth.org/forum/viewtopic.php?p=256618
af854a3a-2127-422b-91ae-364da2661108 http://www.wesnoth.org/forum/viewtopic.php?t=18188
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=324841
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/37047
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html
Impacted products
Vendor Product Version
wesnoth wesnoth 1.2
wesnoth wesnoth 1.2.1
wesnoth wesnoth 1.2.2
wesnoth wesnoth 1.2.3
wesnoth wesnoth 1.2.4
wesnoth wesnoth 1.2.5
wesnoth wesnoth 1.2.6
wesnoth wesnoth 1.3.1
wesnoth wesnoth 1.3.2
wesnoth wesnoth 1.3.3
wesnoth wesnoth 1.3.4
wesnoth wesnoth 1.3.5
wesnoth wesnoth 1.3.6
wesnoth wesnoth 1.3.7
wesnoth wesnoth 1.3.8

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4D957E-7C2A-4062-A3DF-BD02E9CA5D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02358E6-E408-4A1C-A391-9F870625C5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "383AD5F9-7691-4DA8-9DD6-AAB110F54B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "51AF2340-3914-4411-BDC0-6B84548384B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95688481-AC1B-4A58-90D3-E6E76D9E0011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FF4FDE-AF17-4BCE-AFEC-CDA138B76231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C116EF-BD41-4820-8243-A680EEB70055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADF53ED-10A0-4F03-8B8B-EE8CB4BDB9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8675995D-8CE9-4A5F-B8AB-E4C33C5EB6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "873FD0CA-4B14-4927-B430-52D24176FC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "61B37AA0-8114-4F1A-B9D5-3DFAF896E644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A6BB07-3825-412F-9E1D-1C990767157C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7024803-04D0-476E-B2EB-347D2A4F0CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F467E7C6-B3A3-4BAC-A377-9CA52A85A669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wesnoth:wesnoth:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2794D70A-2180-424E-BFC7-848413BBA6B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp.  NOTE: this issue affects both clients and servers."
    },
    {
      "lang": "es",
      "value": "El motor multijugador en Wesnoth versiones 1.2.x anteriores a 1.2.7 y versiones 1.3.x anteriores a 1.3.9, permite a los servidores remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un mensaje largo con caracteres multibyte que puede producir una cadena UTF-8 no v\u00e1lida despu\u00e9s que est\u00e1 truncado, lo que desencadena una excepci\u00f3n no detectada, que involucra la funci\u00f3n truncate_message en el archivo server/server.cpp. NOTA: este problema afecta tanto a los clientes como a los servidores."
    }
  ],
  "id": "CVE-2007-3917",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-11T10:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41711"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27137"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27218"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27241"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982\u0026view=download"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1386"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25995"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3449"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.wesnoth.org/forum/viewtopic.php?p=256618"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.wesnoth.org/forum/viewtopic.php?t=18188"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=324841"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37047"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.gna.org/viewcvs/wesnoth/tags/1.2.7/changelog?rev=20982\u0026view=download"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.wesnoth.org/forum/viewtopic.php?p=256618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.wesnoth.org/forum/viewtopic.php?t=18188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=324841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

