Wesnoth Client UTF-8 Remote Denial of Service Vulnerability

Bugtraq ID:	25995
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-3917
Remote:	Yes
Local:	No
Published:	Oct 09 2007 12:00AM
Updated:	Oct 15 2007 11:47AM
Credit:	The vendor disclosed this vulnerability.
Vulnerable:	Wesnoth Wesnoth 1.2.6 Redhat Fedora 7 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:	Wesnoth Wesnoth 1.2.7

Wesnoth Client UTF-8 Remote Denial of Service Vulnerability

Wesnoth is prone to a remote denial-of-service vulnerability because it fails to handle unexpected input.

Attackers can exploit this issue to cause the Wesnoth client to crash.

Wesnoth 1.2.6 is affected by this issue.

Wesnoth Client UTF-8 Remote Denial of Service Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Wesnoth Client UTF-8 Remote Denial of Service Vulnerability

Solution:
The vendor released fixes to address this issue. Please see the references for more information.

Wesnoth Client UTF-8 Remote Denial of Service Vulnerability

References:

• Wesnoth 1.2.7 Change Log (Wesnoth)
  
• Wesnoth Homepage (Wesnoth)