Vulnerability Name:

CVE-2006-0047 (CCN-25166)

Assigned:2005-12-28
Published:2006-03-06
Updated:2018-10-19
Summary:packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type:CWE-399
CWE-20
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Mon Mar 06 2006 - 14:28:28 CST
Out of memory crash in Freeciv 2.0.7

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211

Source: MITRE
Type: CNA
CVE-2006-0047

Source: CCN
Type: SA19120
Freeciv Packet Parsing Denial of Service Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
19120

Source: SECUNIA
Type: Vendor Advisory
19227

Source: SECUNIA
Type: Vendor Advisory
19253

Source: CCN
Type: SourceForge.net: Files
Freeciv

Source: DEBIAN
Type: UNKNOWN
DSA-994

Source: DEBIAN
Type: DSA 994-1
freeciv -- denial of service

Source: DEBIAN
Type: DSA-994
freeciv -- denial of service

Source: CCN
Type: GLSA-200603-11
Freeciv: Denial of Service

Source: GENTOO
Type: UNKNOWN
GLSA-200603-11

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:053

Source: CCN
Type: OSVDB ID: 23667
Freeciv Crafted Jumbo Data Packet DoS

Source: BUGTRAQ
Type: UNKNOWN
20060306 Out of memory crash in Freeciv 2.0.7

Source: BID
Type: Patch
16975

Source: CCN
Type: BID-16975
Freeciv Remote Denial Of Service Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0838

Source: XF
Type: UNKNOWN
freeciv-packets-dos(25166)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:freeciv:freeciv:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:freeciv:freeciv:2.0.7a:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:112246 | P | freeciv-2.6.5-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:105774 | P | freeciv-2.6.5-1.2 on GA media (Moderate) | 2021-10-01
oval:org.debian:def:994 | V | denial of service | 2006-03-13
    freeciv freeciv 2.0.0
    freeciv freeciv 2.0.1
    freeciv freeciv 2.0.2
    freeciv freeciv 2.0.3
    freeciv freeciv 2.0.4
    freeciv freeciv 2.0.5
    freeciv freeciv 2.0.6
    freeciv freeciv 2.0.7
    freeciv freeciv 2.0.7a