Bug 262345 (CVE-2009-0878) - <games-strategy/wesnoth-1.6.1: DoS (memory consumption) (CVE-2009-0878)
Status: RESOLVED FIXED
Alias: CVE-2009-0878
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: https://gna.org/bugs/index.php?13031
Whiteboard: B3 [noglsa]
Reported: 2009-03-13 15:56 UTC by Alex Legler (RETIRED)
Modified: 2009-08-28 08:04 UTC
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-13 15:56:46 UTC
CVE description:

The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-13 15:58:20 UTC
Debian patch:
http://patch-tracking.debian.net/patch/series/view/wesnoth/1:1.4.7-4/05limit-mapsize
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-14 14:36:08 UTC
This belongs here, sorry:

CVE-2009-0878 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0878):
  The read_game_map function in src/terrain_translation.cpp in Wesnoth
  before r32987 allows remote attackers to cause a denial of service
  (memory consumption and daemon hang) via a map with a large (1) width
  or (2) height.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-04-23 17:04:21 UTC
Games, is 1.6.1 ready to be stabilized?
Comment 4 Mr. Bones. (RETIRED) gentoo-dev 2009-04-23 17:31:42 UTC
It was added 2009-04-12, so no.
Comment 5 Mr. Bones. (RETIRED) gentoo-dev 2009-06-01 16:38:58 UTC
wesnoth-1.4.7-r1 is gone now.
Comment 6 Mr. Bones. (RETIRED) gentoo-dev 2009-07-24 21:24:24 UTC
Security team, please do close this out.