Bug ID: 888331 (CVE-2012-5645) - CVE-2012-5645 Summary: DOS (memory exhaustion or excessive CPU consumption) via malformed network packets Status: CLOSED ERRATA Product: Security Response Component: vulnerability OS: Linux Priority: medium Severity: medium Description: - A denial of service flaw was found in the way the server component of Freeciv processed certain packets (invalid packets with whole packet length lower than packet header size or syntactically valid packets, but whose processing would lead to an infinite loop). A remote attacker could send a specially-crafted packet that, when processed, would lead to freeciv server to terminate (due to memory exhaustion) or become unresponsive (due to excessive CPU use). References: - [1] http://aluigi.altervista.org/adv/freecivet-adv.txt - [2] https://bugs.gentoo.org/show_bug.cgi?id=447490 - [3] http://freeciv.wikia.com/wiki/NEWS-2.3.3 Upstream bug report: - [4] http://gna.org/bugs/?20003 Relevant patch (against trunk): - [5] http://svn.gna.org/viewcvs/freeciv? view=revision&revision=21670 Affected Versions: freeciv package as shipped with Fedora release of 16 and 17 CVE Identifier: CVE-2012-5645 Fixed in Version: Freeciv 2.3.3