Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 863848 (CVE-2022-39047) - games-strategy/freeciv: modpack installer buffer overflow
Summary: games-strategy/freeciv: modpack installer buffer overflow
Status: CONFIRMED
Alias: CVE-2022-39047
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://osdn.net/projects/freeciv/tic...
Whiteboard: ~3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-05 17:30 UTC by John Helmert III
Modified: 2022-08-31 07:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-05 17:30:19 UTC
oss-security post: https://www.openwall.com/lists/oss-security/2022/08/05/1

"Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in
Modpack Installer utility's handling of the modpack URL. Specially
crafted URLs, without any '/' -characters would result in an
underflowing length (unsigned)(-1) string copy, i.e., all of the
NULL-terminated string given as "URL" would get written beyond the
buffer reserved for it."

Please bump to 3.0.3.