CVE-2022-39047: #1017579 - freeciv: CVE-2022-3904: Modpack Installer buffer overflow
Freeciv before 2.6.7 and 3.0.x before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility’s handling of the modpack URL.
Debian Bug report logs - #1017579
freeciv: CVE-2022-3904: Modpack Installer buffer overflow
Report forwarded to [email protected], [email protected], Debian Games Team [email protected]:
Bug#1017579; Package src:freeciv. (Wed, 17 Aug 2022 22:54:03 GMT)
Acknowledgement sent to Moritz Muehlenhoff [email protected]:
New Bug report received and forwarded. Copy sent to [email protected], Debian Games Team [email protected]. (Wed, 17 Aug 2022 22:54:04 GMT)
Message #5 received at [email protected]:
Source: freeciv
Version: 2.6.6-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team [email protected]
Quoting from the announcement posted to oss-security (no CVE is available):
Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in Modpack Installer utility’s handling of the modpack URL. Specially crafted URLs, without any ‘/’ -characters would result in an underflowing length (unsigned)(-1) string copy, i.e., all of the NULL-terminated string given as “URL” would get written beyond the buffer reserved for it.
Freeciv source tarballs are available from https://www.freeciv.org/download.html for current 3.0, and from https://www.freeciv.org/wiki/Old_downloads for 2.6.
In case you can’t make full version update at the moment, bug tracker ticket has also a patch for this single issue attached: https://osdn.net/projects/freeciv/ticket/45299
Changed Bug title to ‘freeciv: CVE-2022-6083: Modpack Installer buffer overflow’ from ‘Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow’. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Thu, 18 Aug 2022 04:33:02 GMT)
Changed Bug title to ‘freeciv: modpack installer buffer overflow’ from ‘freeciv: CVE-2022-6083: Modpack Installer buffer overflow’. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Fri, 19 Aug 2022 04:27:02 GMT)
Changed Bug title to ‘freeciv: freeciv modpack installer buffer overflow’ from ‘freeciv: modpack installer buffer overflow’. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Fri, 19 Aug 2022 07:48:02 GMT)
Changed Bug title to ‘Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow’ from ‘freeciv: freeciv modpack installer buffer overflow’. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Fri, 19 Aug 2022 07:48:04 GMT)
Marked as found in versions freeciv/2.6.0-2. Request was from Adrian Bunk [email protected] to [email protected]. (Tue, 30 Aug 2022 05:21:03 GMT)
Added tag(s) pending. Request was from Tobias Frost [email protected] to [email protected]. (Tue, 30 Aug 2022 11:09:04 GMT)
Information forwarded to [email protected], Debian Games Team [email protected]:
Bug#1017579; Package src:freeciv. (Wed, 31 Aug 2022 06:00:02 GMT)
Acknowledgement sent to Salvatore Bonaccorso [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Games Team [email protected]. (Wed, 31 Aug 2022 06:00:02 GMT)
Message #24 received at [email protected]:
Control: retitle -1 freeciv: CVE-2022-3904: Modpack Installer buffer overflow
On Thu, Aug 18, 2022 at 12:51:28AM +0200, Moritz Muehlenhoff wrote:
> Source: freeciv
> Version: 2.6.6-1
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team [email protected]
>
> Quoting from the announcement posted to oss-security (no CVE is available):
>
> Just released freeciv-2.6.7 & freeciv-3.0.3 fix buffer overflow in Modpack Installer utility’s handling of the modpack URL. Specially crafted URLs, without any ‘/’ -characters would result in an underflowing length (unsigned)(-1) string copy, i.e., all of the NULL-terminated string given as “URL” would get written beyond the buffer reserved for it.
>
> Freeciv source tarballs are available from https://www.freeciv.org/download.html for current 3.0, and from https://www.freeciv.org/wiki/Old_downloads for 2.6.
>
> In case you can’t make full version update at the moment, bug tracker ticket has also a patch for this single issue attached: https://osdn.net/projects/freeciv/ticket/45299
CVE-2022-39047 has been assigned for this issue.
Regards, Salvatore
Changed Bug title to ‘freeciv: CVE-2022-3904: Modpack Installer buffer overflow’ from ‘Freeciv < 2.6.7, freeciv-3.0 < 3.0.3, Modpack Installer buffer overflow’. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Wed, 31 Aug 2022 06:00:03 GMT)
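
The length underflow described in the quoted announcement, shown as an added C illustration that is not freeciv's code and not part of this bug log. All function names and the sample URLs are hypothetical and constructed; the unchecked variant only computes the length and never performs the copy.

```c
/* Added illustration; hypothetical names, not taken from freeciv. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Index one past the last '/' in url, or 0 when url contains none. */
static size_t after_last_slash(const char *url)
{
  size_t i = strlen(url);
  while (i > 0 && url[i - 1] != '/') {
    i--;
  }
  return i;
}

/* Unchecked arithmetic: "everything before the last '/'" is idx - 1 bytes.
 * With no '/', idx is 0 and the unsigned subtraction wraps to SIZE_MAX.
 * Only the length is returned here; nothing is copied. */
size_t unchecked_base_len(const char *url)
{
  return after_last_slash(url) - 1;
}

/* Hardened: reject a URL without '/' or a base that does not fit in dst
 * together with its terminator. Returns 0 on success, -1 on rejection. */
int copy_base_url(char *dst, size_t dst_size, const char *url)
{
  size_t idx = after_last_slash(url);
  if (idx == 0 || idx - 1 >= dst_size) {
    return -1;
  }
  memcpy(dst, url, idx - 1);
  dst[idx - 1] = '\0';
  return 0;
}

int main(void)
{
  char base[64];
  const char *bad = "modpack-without-slash";                  /* constructed */
  const char *ok = "http://example.invalid/packs/a.modpack";  /* constructed */
  printf("unchecked length, no '/': %zu\n", unchecked_base_len(bad));
  printf("hardened, no '/': %d\n", copy_base_url(base, sizeof base, bad));
  if (copy_base_url(base, sizeof base, ok) == 0) {
    printf("hardened, base: %s\n", base);
  }
  return 0;
}
```

A length of SIZE_MAX passed to a bounded string copy makes the bound meaningless, which is why the guard has to run before the subtraction.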
Debian bug tracking system administrator <[email protected]>. Last modified: Wed Aug 31 07:04:06 2022; Machine Name: bembo