
Bug 863848 (CVE-2022-39047)

Summary: games-strategy/freeciv: modpack installer buffer overflow
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: trivial
CC: games
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://osdn.net/projects/freeciv/ticket/45299
Whiteboard: ~3 [ebuild]
Package list:
Runtime testing required: ---

Description: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security), 2022-08-05 17:30:19 UTC
oss-security post: https://www.openwall.com/lists/oss-security/2022/08/05/1

"Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in
Modpack Installer utility's handling of the modpack URL. Specially
crafted URLs, without any '/' -characters would result in an
underflowing length (unsigned)(-1) string copy, i.e., all of the
NULL-terminated string given as "URL" would get written beyond the
buffer reserved for it."

Please bump to 3.0.3.
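
The failure mode quoted above, as an added C example that is not freeciv's code and not part of the original report: a "not found" index of -1 used as an unsigned copy length, next to a checked version that rejects URLs without '/'. The function names, buffer size and sample URLs are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical unsafe pattern (not freeciv's code): the index of the last
 * '/' is used as the copy length, with -1 meaning "not found". Once that
 * value lands in an unsigned type, -1 becomes UINT_MAX. */
static unsigned naive_prefix_len(const char *url)
{
    const char *slash = strrchr(url, '/');
    int idx = slash ? (int)(slash - url) : -1;

    return (unsigned)idx;
}

/* Hardened form: reject URLs without '/', and bound the copy by the
 * destination size. Returns 0 on success, -1 on rejection. */
static int copy_base_url(char *dst, size_t dst_size, const char *url)
{
    const char *slash = strrchr(url, '/');
    size_t len;

    if (slash == NULL) {
        return -1;                      /* no separator: nothing to copy */
    }
    len = (size_t)(slash - url) + 1;    /* keep the trailing '/' */
    if (len >= dst_size) {
        return -1;                      /* would not fit with the NUL */
    }
    memcpy(dst, url, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *urls[] = { "https://example.org/mods/pack.mpdl", "pack.mpdl" };
    char base[64];

    for (size_t i = 0; i < 2; i++) {
        int rc = copy_base_url(base, sizeof base, urls[i]);
        printf("%-36s naive len=%u  checked: %s\n", urls[i],
               naive_prefix_len(urls[i]), rc == 0 ? base : "(rejected)");
    }
    return 0;
}
```

The naive function only computes the length and never performs the copy, so the program is safe to run.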