CVE-2006-3913
freeciv - missing bouncary checks
EPSS 8.9%
Description
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.
How to fix CVE-2006-3913
To remediate CVE-2006-3913, upgrade the affected package to a fixed version below.
- Debian/freeciv—upgrade to 2.0.8-3 or later
- —upgrade to 2.0.1-1sarge2 or later
Is CVE-2006-3913 being exploited?
Moderate — EPSS is 8.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.0.8-3
- from 0, < 2.0.1-1sarge2