Vulnerabilities > CVE-2009-0366 - Resource Management Errors vulnerability in Wesnoth

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

wesnoth

CWE-399

nessus

NVD

Published: 2009-03-12

Updated: 2009-03-21

Summary

The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.

Vulnerable Configurations

Part	Description	Count
Application	Wesnoth Wesnoth Wesnoth 1.0 Wesnoth Wesnoth 1.1 Wesnoth Wesnoth 1.1.1 Wesnoth Wesnoth 1.1.2 Wesnoth Wesnoth 1.1.3 Wesnoth Wesnoth 1.1.4 Wesnoth Wesnoth 1.1.5 Wesnoth Wesnoth 1.1.6 Wesnoth Wesnoth 1.1.7 Wesnoth Wesnoth 1.1.8 Wesnoth Wesnoth 1.1.9 Wesnoth Wesnoth 1.1.10 Wesnoth Wesnoth 1.1.11 Wesnoth Wesnoth 1.1.12 Wesnoth Wesnoth 1.1.13 Wesnoth Wesnoth 1.1.14 Wesnoth Wesnoth 1.2 Wesnoth Wesnoth 1.2.1 Wesnoth Wesnoth 1.2.2 Wesnoth Wesnoth 1.2.3 Wesnoth Wesnoth 1.2.4 Wesnoth Wesnoth 1.2.5 Wesnoth Wesnoth 1.2.6 Wesnoth Wesnoth 1.2.7 Wesnoth Wesnoth 1.2.8 Wesnoth Wesnoth 1.3.8 Wesnoth Wesnoth 1.3.9 Wesnoth Wesnoth 1.3.10 Wesnoth Wesnoth 1.3.11 Wesnoth Wesnoth 1.3.12 Wesnoth Wesnoth 1.3.13 Wesnoth Wesnoth 1.3.14 Wesnoth Wesnoth 1.3.15 Wesnoth Wesnoth 1.3.16 Wesnoth Wesnoth 1.3.17 Wesnoth Wesnoth 1.3.18 Wesnoth Wesnoth 1.3.19 Wesnoth Wesnoth 1.4 Wesnoth Wesnoth 1.4.1 Wesnoth Wesnoth 1.4.2 Wesnoth Wesnoth 1.4.3 Wesnoth Wesnoth 1.4.4 Wesnoth Wesnoth 1.4.5 Wesnoth Wesnoth 1.4.6 Wesnoth Wesnoth 1.4.7 Wesnoth Wesnoth 1.5.0 Wesnoth Wesnoth 1.5.1 Wesnoth Wesnoth 1.5.2 Wesnoth Wesnoth 1.5.3 Wesnoth Wesnoth 1.5.4 Wesnoth Wesnoth 1.5.5 Wesnoth Wesnoth 1.5.6 Wesnoth Wesnoth 1.5.7 Wesnoth Wesnoth 1.5.8 Wesnoth Wesnoth 1.5.9 Wesnoth Wesnoth 1.5.10 Wesnoth Wesnoth *	57

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1737.NASL
description	Several security issues have been discovered in wesnoth, a fantasy turn-based strategy game. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0366 Daniel Franke discovered that the wesnoth server is prone to a denial of service attack when receiving special crafted compressed data. - CVE-2009-0367 Daniel Franke discovered that the sandbox implementation for the python AIs can be used to execute arbitrary python code on wesnoth clients. In order to prevent this issue, the python support has been disabled. A compatibility patch was included, so that the affected campagne is still working properly.
last seen	2020-06-01
modified	2020-06-02
plugin id	35907
published	2009-03-12
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35907
title	Debian DSA-1737-1 : wesnoth - several vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References