cbcvebase.
CVE-2007-3917
published 2007-10-11

CVE-2007-3917: The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with…

PriorityP430high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
2.10%
79.4th percentile
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.

Affected

15 ranges
VendorProductVersion rangeFixed in
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.