CVE 2007-3917
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.
Related bugs and status
CVE-2007-3917 (Candidate) is related to these bugs:
Bug #158414: denial of service in wesnoth client and server prior 1.2.7 release
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 158414 | denial of service in wesnoth client and server prior 1.2.7 release | wesnoth (Ubuntu) | High | Fix Released | ||
| 158414 | denial of service in wesnoth client and server prior 1.2.7 release | wesnoth (Ubuntu Gutsy) | Low | Fix Released | ||
| 158414 | denial of service in wesnoth client and server prior 1.2.7 release | wesnoth (Ubuntu Feisty) | Low | Fix Released | ||
| 158414 | denial of service in wesnoth client and server prior 1.2.7 release | wesnoth (Ubuntu Edgy) | Low | Fix Released | ||
| 158414 | denial of service in wesnoth client and server prior 1.2.7 release | wesnoth (Ubuntu Dapper) | Low | Fix Released | ||
Bug #172783: wesnoth exploit allows others to view the content of files on a remote computer
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 172783 | wesnoth exploit allows others to view the content of files on a remote computer | wesnoth (Ubuntu) | High | Fix Released | ||
| 172783 | wesnoth exploit allows others to view the content of files on a remote computer | wesnoth (Ubuntu Gutsy) | High | Fix Released | ||
| 172783 | wesnoth exploit allows others to view the content of files on a remote computer | wesnoth (Ubuntu Feisty) | High | Fix Released | ||
| 172783 | wesnoth exploit allows others to view the content of files on a remote computer | wesnoth (Ubuntu Dapper) | Undecided | Fix Released | ||
| 172783 | wesnoth exploit allows others to view the content of files on a remote computer | wesnoth (Ubuntu Edgy) | Undecided | Fix Released | ||
Bug #173881: the option "turn_cmd" can stall a computer or maybe start another application
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 173881 | the option "turn_cmd" can stall a computer or maybe start another application | wesnoth (Ubuntu) | Undecided | Fix Released | ||
| 173881 | the option "turn_cmd" can stall a computer or maybe start another application | wesnoth (Ubuntu Edgy) | Undecided | Fix Released | ||
| 173881 | the option "turn_cmd" can stall a computer or maybe start another application | wesnoth (Ubuntu Gutsy) | Undecided | Fix Released | ||
| 173881 | the option "turn_cmd" can stall a computer or maybe start another application | wesnoth (Ubuntu Feisty) | Undecided | Fix Released | ||
| 173881 | the option "turn_cmd" can stall a computer or maybe start another application | wesnoth (Ubuntu Dapper) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
