
Bug 262345 (CVE-2009-0878)

Summary: <games-strategy/wesnoth-1.6.1: DoS (memory consumption) (CVE-2009-0878)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: games
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://gna.org/bugs/index.php?13031
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-13 15:56:46 UTC
CVE description:

The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-13 15:58:20 UTC
Debian patch:
http://patch-tracking.debian.net/patch/series/view/wesnoth/1:1.4.7-4/05limit-mapsize
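
An added illustration of the kind of mitigation the CVE description and the patch name "limit-mapsize" point to: capping width and height while the map is parsed. It is not Wesnoth's or Debian's actual code; the simplified map format, the function `read_bounded_map` and the limits `kMaxWidth`, `kMaxHeight` and `kMaxCellLen` are assumptions.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <utility>
#include <vector>
// Hypothetical limits; the page does not give the values the real fix uses.
constexpr std::size_t kMaxWidth = 200, kMaxHeight = 200, kMaxCellLen = 16;
using TerrainMap = std::vector<std::vector<std::string>>;

// Reads a simplified map (one row per line, comma-separated cells) one
// character at a time, checking each limit before the buffer grows.
// Returns false on an oversized or ragged map; `out` is then left empty.
bool read_bounded_map(std::istream& in, TerrainMap& out) {
    TerrainMap map;
    std::vector<std::string> row;
    std::string cell;
    out.clear();
    auto end_cell = [&]() {
        if (row.size() == kMaxWidth) return false;    // width cap
        row.push_back(cell);
        cell.clear();
        return true;
    };
    auto end_row = [&]() {
        if (row.empty() && cell.empty()) return true; // skip blank line
        if (!end_cell()) return false;
        if (map.size() == kMaxHeight) return false;   // height cap
        if (!map.empty() && row.size() != map.front().size()) return false;
        map.push_back(row);
        row.clear();
        return true;
    };
    char c;
    while (in.get(c)) {
        if (c == '\n') { if (!end_row()) return false; }
        else if (c == ',') { if (!end_cell()) return false; }
        else if (c == ' ' || c == '\r') continue;
        else if (cell.size() == kMaxCellLen) return false;
        else cell.push_back(c);
    }
    if (!end_row()) return false;  // final row without a trailing newline
    out = std::move(map);
    return true;
}

int main() {
    std::istringstream in("Gg, Gg, Hh\nWw, Gg, Gg\n");  // constructed sample
    TerrainMap m;
    std::cout << (read_bounded_map(in, m) ? "accepted" : "rejected") << "\n";
}
```

Because the limits are checked per character, a hostile map is rejected after at most `kMaxWidth * kMaxHeight` cells have been stored, regardless of how large the input is.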
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-14 14:36:08 UTC
This belongs here, sorry:

CVE-2009-0878 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0878):
  The read_game_map function in src/terrain_translation.cpp in Wesnoth
  before r32987 allows remote attackers to cause a denial of service
  (memory consumption and daemon hang) via a map with a large (1) width
  or (2) height.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-04-23 17:04:21 UTC
Games, is 1.6.1 ready to be stabilized?
Comment 4 Mr. Bones. (RETIRED) gentoo-dev 2009-04-23 17:31:42 UTC
It was added 2009-04-12, so no.
Comment 5 Mr. Bones. (RETIRED) gentoo-dev 2009-06-01 16:38:58 UTC
wesnoth-1.4.7-r1 is gone now.
Comment 6 Mr. Bones. (RETIRED) gentoo-dev 2009-07-24 21:24:24 UTC
Security team, please do close this out.