cbcvebase.

Wesnoth vulnerabilities

6 known vulnerabilities affecting wesnoth/wesnoth.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2009-0367P3CRITICALCVSS 9.3PoCv1.4v1.4.1+17 more2009-03-05
CVE-2009-0367 [CRITICAL] CWE-264 CVE-2009-0367: The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sa The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
nvd
CVE-2007-5742P3CRITICALCVSS 9.0v0.2.1v0.3+79 more2007-12-01
CVE-2007-5742 [CRITICAL] CWE-22 CVE-2007-5742: Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
nvd
CVE-2007-3917P4HIGHCVSS 7.8v1.2v1.2.1+13 more2007-10-11
CVE-2007-3917 [HIGH] CWE-134 CVE-2007-3917: The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this
nvd
CVE-2007-6201P4HIGHCVSS 7.5v1.2v1.2.1+17 more2007-12-01
CVE-2007-6201 [HIGH] CVE-2007-6201: Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers t Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option.
nvd
CVE-2009-0878P4MEDIUMCVSS 5.0≤ 1.4.7v0.2.1+107 more2009-03-12
CVE-2009-0878 [MEDIUM] CWE-399 CVE-2009-0878: The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote att The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
nvd
CVE-2009-0366P4MEDIUMCVSS 4.3≤ 1.5.11v1.0+55 more2009-03-12
CVE-2009-0366 [MEDIUM] CWE-399 CVE-2009-0366: The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote a The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.
nvd
Wesnoth vulnerabilities | cvebase